1 |
On Fri, 31 Oct 2003, Kurt Lieber wrote: |
2 |
|
3 |
> On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote: |
4 |
> > It's often overlooked but a much easier method for locking a user out is |
5 |
> > simply to change their default shell to /bin/false or something like it. |
6 |
> > SSH keys or not, they won't be getting access to the box anytime soon |
7 |
> > without a default shell. |
8 |
> |
9 |
> A valid point, but iirc, this still allows the user to do things which |
10 |
> don't require an interactive shell. (scp, for instance) |
11 |
|
12 |
I don't think that is the case - actually, I've managed to break scp by |
13 |
changing bashrc output. |
14 |
|
15 |
scp does require the user to have a valid shell. |
16 |
|
17 |
-- |
18 |
gentoo-dev@g.o mailing list |