-- On Jul 28, 10:33am, Hamish Moffatt wrote: > Subject: Re: New to debian -- question about shells & unused accounts > On Tue, Jul 28, 1998 at 01:33:29AM -0700, Chris Ulrich wrote: > > They all have "*" in the password field by default, which means that > they can't login. Sometimes you do need to switch to them (with su), > so then they need a shell; as root, you can su to any account without > a password, even if it's locked. From memory postgresql requires you to > do all database admin work from its special account, not root, so you'd > su to root, then "su - postgres" again. > > Hamish -- End of excerpt from Hamish Moffatt --
Okay -- that's one account that needs a shell. A user can get authenticated in one of at least three ways that I can think of: 1: login (including xdm and ftp) -> verified by password 2: file (ssh/rsh) -> verified by checking file in home directory 3: magic (kerberos) -> verified by asking someone else in a secure way Of these methods, only #1 actually looks at the second field of the shadow or passwd file. Because every dead account has it's own home directory, there are many more ways to get a shell by putting a .rhosts or .ssh/authorized key file into the account's home directory (either through broken suid programs, misconfigured programs, or NFS). Since the majority of these accounts are not suppose to be used it seems like a needless exposure to have them able to login at all. Because they have a shell, it is possible for an account to log onto the machine. I can think of only a very small class of programs that allow a user to login with a useless shell but a valid password: ftp (iff the useless shell is in /etc/shells) xdm (iff xdm has not been configured to look in /etc/shells) Anyhow, my point is just that "no password" is not a certain way to disable an account. "No shell" is also not a secure way to disable an account. To make sure an account exists only to make files owned by that UID look pretty, one needs to disable both. To be completely sure that even poorly configured debian machines remain as secure as possible, placeholder accounts ought to have their shells and passwords unusable unless there is a specific need otherwise. chris -- Chris Ulrich [EMAIL PROTECTED] 530 754 4355 -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
