Previously Ethan Benson wrote: > On 8/1/2000 Wichert Akkerman wrote: > > >Do they have /bin/true listed in /etc/shells? I'm tempted to change > >the shell in passwd for Debian as well.. > > No they do not, on a redhat system the `system' accounts vary from > /bin/true to /bin/false (apparently from whatever each individual > package maintainer happens to pick) I cannot think of any real > difference between one or the other (the only difference is the exit > code) > > my personal opinion is that /bin/false is a logical choice for a > system account for which no login access should ever be granted for. > and /bin/true can then be optionally added to /etc/shells for use in > non interactive user accounts (ftp and such) without reducing the > security of locked non login system accounts. > > this seems to be pretty much in line with Debian policy other then > the fact that there are perhaps more accounts with /bin/sh as the > shell then there should be. > > BTW whatever happened to your proposal to move the qmail uids to the > 60000+ range? was it just too risky for breakage of existing > systems? It turned out to be impossible to do without risking a breakage somewhere. What I think I'll do is relocate them anyway, but keep the uids they currently use reserved to nothing else will use them, and tell update-passwd not to remove them automatically. In other words, use new uids for new installations, but keep the old ones for older machines. Wichert. -- ________________________________________________________________ / Generally uninteresting signature - ignore at your convenience \ | wichert@liacs.nl http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Attachment:
pgpcsIbAKvs6_.pgp
Description: PGP signature