1 |
On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote: |
2 |
> It's often overlooked but a much easier method for locking a user out is |
3 |
> simply to change their default shell to /bin/false or something like it. |
4 |
> SSH keys or not, they won't be getting access to the box anytime soon |
5 |
> without a default shell. |
6 |
|
7 |
A valid point, but iirc, this still allows the user to do things which |
8 |
don't require an interactive shell. (scp, for instance) |
9 |
|
10 |
Ideally, there is one simple way of *completely* locking out a user from a |
11 |
machine, short of deleting their entry in /etc/(passwd|shadow) |
12 |
|
13 |
--kurt |