APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

2005/03/12 noshell


© March 2005 Tony Lawrence

This is designed to be a shell for users you don't want to have a shell.

It's probably unnecessary on most modern systems which have binary "shells" for this purpose (/sbin/nologin or /sbin/false). On older systems, these "no shell" shells were shell scripts, which rather obviously use a real shell and thus have at least the potential for abuse. Consequently, the old practice often was to use /dev/null as the "shell". The only problem with that is that you get no logging; "noshell" and the other modern equivalents will log the access attempt to syslog.

This stuff can get complicated though. Having a user with a nologin shell isn't just for system accounts. On many systems, we have users who we want to give mail or ftp or samba access too but just don't want them able to log in. How those other programs react depends upon them: they may just not care, or may want to see the shell at least listed in /etc/shells. How you feel about their preferences depends on what you do and do not want to allow the user to do, and it all may get nasty enough that you need to involve iptables or PAM or all three to get the control required.

Someday perhaps all of this will be in one place.


Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> noshell -'no login' shell


Inexpensive and informative Apple related e-books:

Are Your Bits Flipped?

Take Control of High Sierra

Take Control of iCloud, Fifth Edition

El Capitan: A Take Control Crash Course

Photos: A Take Control Crash Course




More Articles by © Tony Lawrence




Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Technology is both a tool for helping humans and for destroying them. This is the paradox of our times which we're compelled to face (Frank Herbert).




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode





SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)
www.SCOsales.com