> > Humm. . . On my Mandrake 9.0 box, the rpm user's shell is set to > > /bin/false , > > so I would suspect that you can probably safely change it to that. > > Even this isn't necessarily safe; by the time that the "shell" gets to
I'm sorry -- I wasn't precise enough in my choice of words. By "safely", I meant with respect to the intended functionality of the system, not necessarily the security of the system. And you're absolutely right: having /bin/false there doesn't provide any guarantee of security. It will, however, aid in protecting against using the account with a default password that was unintentionally left on the system, or a brute-force attack against that account. Problems with /bin/false aside, if an attacker can run arbitrary code as a given user, it doesn't matter what shell (if any) that user is assigned in /etc/passwd: the attacker can just exec whatever shell they want. Terry #include <disclaimer>
