Gentoo Archives: gentoo-dev

From:	Eldad Zack <eldad@××××××××××××××.cx>
To:	Kurt Lieber <klieber@g.o>
Cc:	gentoo-dev@g.o
Subject:	Re: [gentoo-dev] locking user accounts doesn't really lock them.
Date:	Sat, 01 Nov 2003 11:55:15
Message-Id:	`Pine.LNX.4.58.0311011345170.2064@localhost`
In Reply to:	Re: [gentoo-dev] locking user accounts doesn't really lock them. by Kurt Lieber

1	On Fri, 31 Oct 2003, Kurt Lieber wrote:
2
3	> On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote:
4	> > It's often overlooked but a much easier method for locking a user out is
5	> > simply to change their default shell to /bin/false or something like it.
6	> > SSH keys or not, they won't be getting access to the box anytime soon
7	> > without a default shell.
8	>
9	> A valid point, but iirc, this still allows the user to do things which
10	> don't require an interactive shell. (scp, for instance)
11
12	I don't think that is the case - actually, I've managed to break scp by
13	changing bashrc output.
14
15	scp does require the user to have a valid shell.
16
17	--
18	gentoo-dev@g.o mailing list