[CentOS] /bin/false as a login shell -- sorry
vknecht at club-internet.fr
Wed Mar 22 19:18:26 UTC 2006
Le Mercredi 22 Mars 2006 20:05, Vincent Knecht a écrit :
> Le Mercredi 22 Mars 2006 18:17, Kai Schaetzl a écrit :
> > I see that /bin/false is not a valid shell by default on CentOS. It is
> > f.i. on Suse. /bin/false is present, though. Is there a security reason
> > for this? man says that nologin gives feedback that the account is not
> > available while false just exits false. Anything against just adding
> > /bin/false to /etc/shells?
> I'd say use /sbin/nologin instead.
> It's already in /etc/shells, and is able to give a reason about why login
> fails (check its man page for that).
Argh, I read/reply too fast without replying to the real question, sorry...
Some little research told me that some '/bin/false' versions have no real
'login' capacity, but dunno about CentOS' one.
More information about the CentOS