[CentOS] /bin/false as a login shell -- sorry

Vincent Knecht vknecht at club-internet.fr
Wed Mar 22 19:18:26 UTC 2006


Le Mercredi 22 Mars 2006 20:05, Vincent Knecht a écrit :
> Le Mercredi 22 Mars 2006 18:17, Kai Schaetzl a écrit :
> > I see that /bin/false is not a valid shell by default on CentOS. It is
> > f.i. on Suse. /bin/false is present, though. Is there a security reason
> > for this? man says that nologin gives feedback that the account is not
> > available while false just exits false. Anything against just adding
> > /bin/false to /etc/shells?
>
>   I'd say use /sbin/nologin instead.
> It's already in /etc/shells, and is able to give a reason about why login
> fails (check its man page for that).

Argh, I read/reply too fast without replying to the real question, sorry...
Some little research told me that some '/bin/false' versions have no real 
'login' capacity, but dunno about CentOS' one.



More information about the CentOS mailing list