On Fri, Jan 11, 2002 at 10:00:32PM -0500, Hubert Chan wrote:
> So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
> set to /bin/false. (Why does Debian not do this by default?)

Apart from the ftp users, which (sometimes) need their ftp password to be stored in /etc/shadow, thus making it a valid login password too, I can see no reason for not giving a user that has *no* password a shell. Without a password in /etc/shadow or /etc/passwd he could not log in, and if someone cracks the server with e.g. a buffer overflow, he does not depend on the passwd entries but executes /bin/bash directly. On the other hand, when executing "su -c daemonxy cronscriptxy" from your crontab or similar, you need a valid shell, because the shell relies on it when executing child programs.

BTW: for ftp and pop3 users I could imagine /bin/passwd being a nice shell, because it would allow the users to change their password via ssh.

bye,

-christian-
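An audit of the distinction discussed in this message, as an added example that is not part of the original post: it reads passwd and shadow entries and reports, per account, whether a password is set and whether the shell is a real one. The sample entries are constructed, and the function names and the `NOLOGIN_SHELLS` set are assumptions.

```python
# Added example: classify accounts by password state and login shell.

# Assumption: shells that this audit treats as "no interactive login".
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

# Constructed sample entries in passwd(5) / shadow(5) format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
ftpuser:x:1001:1001::/home/ftpuser:/bin/sh
legacy::1002:1002::/home/legacy:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:11700:0:99999:7:::
daemon:*:11700:0:99999:7:::
www-data:!:11700:0:99999:7:::
ftpuser:$1$constructed$hash:11700:0:99999:7:::
"""

def parse_shadow(text):
    """Map account name -> password field from shadow-format text."""
    fields = (line.split(":") for line in text.splitlines() if line.strip())
    return {f[0]: f[1] for f in fields if len(f) >= 2}

def password_state(name, passwd_field, shadow):
    """Return 'empty', 'locked' or 'set' for one account."""
    field = passwd_field
    if field == "x":
        # 'x' defers to shadow; a missing shadow entry leaves no usable hash.
        field = shadow.get(name, "*")
    if field == "":
        return "empty"
    if field.startswith(("*", "!")):
        return "locked"
    return "set"

def audit(passwd_text, shadow_text):
    """Return {name: (password_state, has_real_shell)} for every account."""
    shadow = parse_shadow(shadow_text)
    report = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # skip blank or malformed lines
        name, pw_field = parts[0], parts[1]
        shell = parts[6] or "/bin/sh"  # empty shell field means /bin/sh
        report[name] = (password_state(name, pw_field, shadow),
                        shell not in NOLOGIN_SHELLS)
    return report
```

An account reported as `("set", True)` is the ftp case raised in the message (a service password that also works for shell login); `("locked", True)` is the daemon case, and `("empty", True)` is the entry to fix first.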