Package: base-passwd
Version: 3.5.22

System users with UID 1 through 99 should not have a default login shell
in /etc/passwd, as they are not interactive accounts. Even though the
password is disabled by default in /etc/shadow, it makes no sense to
have the login shell as /bin/sh.

The default login shell for these accounts should be /bin/false or
/usr/sbin/nologin. The root user, UID 0, of course, should have a login
shell.

For comparison, Fedora/RHEL and OpenBSD use /sbin/nologin and Mac OS X
uses /usr/bin/false.

I don't see the current implementation necessarily hurting anything, but
it doesn't make sense for an account that doesn't log in to the system to
have an interactive login shell.

Making the default shell /usr/sbin/nologin or /bin/false should increase
the security of the system.

-- 
. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O
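An added audit check, written for this page and not part of the bug report or of the base-passwd package: it parses a passwd(5) file and lists every account with a UID of 1 through 99 whose login shell is interactive. The set of shells treated as non-interactive is an assumption built from the paths the report names (/usr/sbin/nologin, /sbin/nologin, /bin/false, /usr/bin/false) plus /bin/true; an empty shell field is treated as /bin/sh, which is what passwd(5) specifies. The sample passwd contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the bug report: flag UID 1-99 accounts in a
# passwd(5) file whose login shell is still interactive.
# Usage: audit_system_shells [passwd-file]   (defaults to /etc/passwd)

# Assumed list of non-interactive shells; anything else on a UID 1-99
# account is reported.
NOLOGIN_SHELLS="/usr/sbin/nologin /sbin/nologin /bin/false /usr/bin/false /bin/true"

is_nologin_shell() {
    for s in $NOLOGIN_SHELLS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# Print "user:uid:shell" for each UID 1-99 account with an interactive shell.
audit_system_shells() {
    file=${1:-/etc/passwd}
    while IFS=: read -r name _ uid _ _ _ shell; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        # UID must be numeric and in the system range 1-99.
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge 1 ] && [ "$uid" -le 99 ] || continue
        # passwd(5): an empty shell field means /bin/sh, i.e. interactive.
        [ -z "$shell" ] && shell=/bin/sh
        is_nologin_shell "$shell" || printf '%s:%s:%s\n' "$name" "$uid" "$shell"
    done < "$file"
}

# Constructed sample passwd file (not a real system's /etc/passwd).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:
www-data:x:33:33:www-data:/var/www:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

echo "UID 1-99 accounts with an interactive shell (constructed sample):"
audit_system_shells "$SAMPLE_PASSWD"
```

Run it without an argument on a Debian host to check the live /etc/passwd; root (UID 0), nobody and ordinary users are outside the 1-99 range and are never reported, matching the report's scope.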
