i just installed a host security checker, tiger (TARA?) which is more or less along the lines of what i remember from dan farmer's COPS (a loooong time ago!)
it had a number of complaints about accounts which were disabled but had valid shells. like this one:

    www-data:x:33:33:www-data:/var/www:/bin/sh

why, exactly, is this a security risk? is tiger expecting something along the lines of:

    www-data:x:33:33:www-data:/var/www:

what is the hangup here?

also, i noticed that some accounts which are disabled are given a shell of /bin/false:

    ftp:x:100:65534::/home/ftp:/bin/false

tiger seemed to hate this too. i tried playing around with /bin/false. can't seem to figure out what it is. whatever it is, it's tiny. only 4 kb long.

thanks!
pete