23 Mar
2006
23 Mar
'06
1:19 a.m.
Kai Schaetzl wrote:
I see that /bin/false is not a valid shell by default on CentOS. It is f.i. on Suse. /bin/false is present, though. Is there a security reason for this? man says that nologin gives feedback that the account is not available while false just exits false. Anything against just adding /bin/false to /etc/shells?
Just use it if you want. I'd keep it out of /etc/shells. Historically, some network daemons refused to authenticate users if user's shell was not present in /etc/shells.