Posted by Jason on Monday March 18, @12:31PM

If you have a server used for email and your users do not need shell accounts, you should disable their shells by setting them to nologin.

When you create a user, their default shell is set to /bin/sh, which grants them the ability to log on to the system and receive a shell prompt. If their shell account is enabled and their account information is compromised, a cracker could potentially log in to the system using their credentials, which would be bad! Since a shell account is not necessary for a user to send and receive email, this feature can be disabled for increased security.

When you create a new user, simply set their shell to /sbin/nologin. To change the shell for an existing user, you can use the chpass utility. If you log in as root and issue the following command, you will disable the given user's shell account:

    chpass -s /sbin/nologin {username}

To re-enable a shell account, you can issue the same command but with the proper shell information:

    chpass -s /bin/sh {username}

Note: To learn more about the chpass utility and the unix shell, try the man pages.

    man chpass
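To find which accounts on a mail-only server still need the change described above, the following added example (not part of the original article) audits a passwd(5)-format file against a shells(5) list and prints, without running, the chpass command for each account that still has a login shell. The function names, the UID cutoff of 1000 and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read-only audit, nothing on the system is changed.

# list_shell_users PASSWD_FILE SHELLS_FILE [MIN_UID]
# Prints each account with UID >= MIN_UID (default 1000, an assumed cutoff
# for regular users) whose shell, field 7, is listed in SHELLS_FILE.
# An empty shell field means /bin/sh, so it is reported as well.
list_shell_users() {
    awk -F: -v shells_file="$2" -v min_uid="${3:-1000}" '
        BEGIN {
            while ((getline line < shells_file) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                # some systems list nologin in shells(5); never count it
                if (line != "" && line !~ /\/nologin$/) shells[line] = 1
            }
        }
        /^#/ || NF < 7 { next }          # comments and malformed lines
        $3 + 0 >= min_uid && ($7 == "" || ($7 in shells)) { print $1 }
    ' "$1"
}

# Same arguments; prints the command from the article for each account.
print_lockdown_commands() {
    list_shell_users "$@" | while read -r user; do
        printf 'chpass -s /sbin/nologin %s\n' "$user"
    done
}

# Writes constructed sample files (not real accounts) into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/sbin/nologin
carol:*:1003:1003:Carol:/home/carol:
dave:*:1004:1004:Dave:/home/dave:/usr/local/bin/bash
EOF
    cat > "$1/shells" <<'EOF'
# constructed shells(5) sample
/bin/sh
/bin/csh
/usr/local/bin/bash
EOF
}

# Demo on the constructed data.
tmp=$(mktemp -d) && make_sample "$tmp" &&
    print_lockdown_commands "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```

On a live system the two arguments would be /etc/passwd and /etc/shells; review the printed list before running any of the commands as root, since some accounts may legitimately need a shell.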
"You never know how many friends you have until you own a Condo on the beach." -- Jason's Postulate

All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ©2001 Jason Neumann.