OTERO Hernan Gustavo EDS wrote:

> Looking in the /etc/passwd in my RH 8.0 installation, the users
> 
> news:x:9:13:news:/etc/news:
> rpm:x:37:37::/var/lib/rpm:/bin/bash
> 
> have a shell. Why do these users need a shell?

It *might* be because the "rpm" account is used to run some program
which either:

a) actually needs to know which is the preferred shell, or:

b) doesn't actually need to know this information in order to perform
the tasks for which it is used by the "rpm" account, but insists on
having it anyway (e.g. because it sometimes does need it and the
possibility of it being unavailable wasn't considered).

This is just a guess; but it's the most obvious possibility (i.e. some
program seems to insist upon the RPM account's shell being valid, so
RH just decided to keep it happy).

"Zow" Terry Brugger wrote:

> Humm. . . On my Mandrake 9.0 box, the rpm user's shell is set to /bin/false,
> so I would suspect that you can probably safely change it to that.

Even this isn't necessarily safe; by the time that the "shell" gets to
run, an attacker may have created a hostile environment for it. There
have been actual security vulnerabilities arising from using an unsafe
/bin/false program as a login shell; IIRC, it was a one-line shell
script ("exit 1"), but a bug in the interpreter allowed an invalid
user who had been dumped into the "/bin/false" script to interrupt the
script and get an interactive shell.

Adam H. Pendleton wrote:

> >I'm wondering why I would want that - until now nobody could give me a
> >good argument although everybody learns to remove the shells :-(
> >
> >* If I give my users a disabled password, they cannot login via passwd
> >   based ssh/ftp/pop3 etc.
> 
> True enough.  However, there are lots of situations where you want a user 
> to be able to login via FTP, but not have shell access.  In this case, 
> "shells" such as /bin/nologin allow the shell program to return "TRUE", 
> thus allowing an FTP login, but not shell access through SSH, etc.

However, note that some services don't care whether or not you have a
valid shell (XDM doesn't care, IIRC). To be safe, you need to analyse
each potential login mechanism[1] individually; exactly what
constitutes a "valid" user for each mechanism?

[1] I.e. any root-owned daemon or setuid-root program which changes
its ID to an arbitrary user.

-- 
Glynn Clements <[EMAIL PROTECTED]>
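
The following is an added example, not part of the original message or of any distribution's tooling: a small audit of passwd(5) entries covering the cases raised in the thread (an empty shell field, a shell listed in /etc/shells, and a "shell" that is really an interpreted script). The sample data is constructed around the two entries quoted above; `SYS_UID_MAX`, `ftpuser` and the sample /etc/shells content are assumptions.

```python
# Added example: which accounts would a shell-based validity check accept?
# SAMPLE_PASSWD / SAMPLE_SHELLS are constructed; the first two passwd lines
# are the ones quoted in the thread. SYS_UID_MAX is an assumed cutoff.
SYS_UID_MAX = 499

SAMPLE_PASSWD = """\
news:x:9:13:news:/etc/news:
rpm:x:37:37::/var/lib/rpm:/bin/bash
ftpuser:x:501:501::/home/ftpuser:/bin/false
daemon:x:2:2:daemon:/sbin:/sbin/nologin
"""
SAMPLE_SHELLS = "/bin/sh\n/bin/bash\n/bin/false\n"


def is_script(path):
    """True if the shell file is a '#!' script rather than a binary."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False  # missing or unreadable: cannot tell, report nothing


def audit(passwd_text, shells_text, script_check=is_script):
    """Return [(name, effective_shell, [notes])] for entries worth reviewing."""
    listed = {s.strip() for s in shells_text.splitlines()
              if s.strip() and not s.startswith("#")}
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # comment or malformed line
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        notes = []
        if shell == "":
            shell = "/bin/sh"  # passwd(5): an empty shell field means /bin/sh
            notes.append("empty shell field defaults to /bin/sh")
        if shell in listed:
            notes.append("listed in /etc/shells, so getusershell(3) checks pass")
            if uid <= SYS_UID_MAX:
                notes.append("system account with a valid shell")
        if script_check(shell):
            notes.append("shell is a script; depends on its interpreter")
        if notes:
            findings.append((name, shell, notes))
    return findings


if __name__ == "__main__":
    for name, shell, notes in audit(SAMPLE_PASSWD, SAMPLE_SHELLS):
        print(f"{name}: {shell}: " + "; ".join(notes))
```

This only models services that consult the shell field or /etc/shells; a login mechanism that ignores both still has to be reviewed on its own terms.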
