On Wed, Oct 22, 2003 at 07:13:33PM +1000, Russell Coker wrote: > Having a valid shell all the time because it might be needed at some time is > not a good idea. > > I recall that there was a bug in pam in unstable at one time that would allow > logging in to those accounts. Setting the shells to /bin/false would have > prevented that bug from being a problem.
This has been around the debsec bush several times, but I'll toss my 2p in again anyway. I've run many servers and firewalls with all non-user account shells set to /bin/false, including in busy web and db servers, and have never seen any problems whatever. Whatever it is that breaks, it ain't important enough to worry about. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]