Gentoo Archives: gentoo-dev

From: Kurt Lieber <klieber@g.o>
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] locking user accounts doesn't really lock them.
Date: Fri, 31 Oct 2003 22:01:18
Message-Id: 20031031220111.GA2395@mail.lieber.org
In Reply to: Re: [gentoo-dev] locking user accounts doesn't really lock them. by Kevyn Shortell
1 On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote:
2 > It's often overlooked but a much easier method for locking a user out is
3 > simply to change their default shell to /bin/false or something like it.
4 > SSH keys or not, they won't be getting access to the box anytime soon
5 > without a default shell.
6
7 A valid point, but iirc, this still allows the user to do things which
8 don't require an interactive shell. (scp, for instance)
9
10 Ideally, there is one simple way of *completely* locking out a user from a
11 machine, short of deleting their entry in /etc/(passwd|shadow)
12
13 --kurt

Replies

Subject Author
Re: [gentoo-dev] locking user accounts doesn't really lock them. Kurt Lieber <klieber@g.o>
Re: [gentoo-dev] locking user accounts doesn't really lock them. Eldad Zack <eldad@××××××××××××××.cx>