Le Mercredi 22 Mars 2006 20:05, Vincent Knecht a écrit :
Le Mercredi 22 Mars 2006 18:17, Kai Schaetzl a écrit :
I see that /bin/false is not a valid shell by default on CentOS. It is f.i. on Suse. /bin/false is present, though. Is there a security reason for this? man says that nologin gives feedback that the account is not available while false just exits false. Anything against just adding /bin/false to /etc/shells?
I'd say use /sbin/nologin instead. It's already in /etc/shells, and is able to give a reason about why login fails (check its man page for that).
Argh, I read/reply too fast without replying to the real question, sorry... Some little research told me that some '/bin/false' versions have no real 'login' capacity, but dunno about CentOS' one.