From: Eldad Zack
To: Kurt Lieber
Cc: gentoo-dev@gentoo.org
Date: Sat, 1 Nov 2003 13:50:14 +0200 (IST)
Subject: Re: [gentoo-dev] locking user accounts doesn't really lock them.

On Fri, 31 Oct 2003, Kurt Lieber wrote:

> On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote:
> > It's often overlooked but a much easier method for locking a user out is
> > simply to change their default shell to /bin/false or something like it.
> > SSH keys or not, they won't be getting access to the box anytime soon
> > without a default shell.
>
> A valid point, but iirc, this still allows the user to do things which
> don't require an interactive shell. (scp, for instance)

I don't think that is the case - actually, I've managed to break scp by
changing bashrc output. scp does require the user to have a valid shell.

--
gentoo-dev@gentoo.org mailing list
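
Added example, not part of the original message or thread: a small audit that lists accounts whose password is locked in shadow but whose passwd entry still names a usable login shell, the combination this thread is about. The function names, the no-login shell list and the sample passwd/shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Shells treated as "no login" (assumption; adjust for the system being audited).
NOLOGIN_SHELLS="/bin/false /sbin/nologin /usr/sbin/nologin"

# locked_with_shell PASSWD_FILE SHADOW_FILE
# Prints "user shell" for each account whose shadow password field starts
# with "!" (as written by passwd -l) and whose shell is not a no-login shell.
locked_with_shell() {
    awk -F: -v shadow="$2" -v nologin="$NOLOGIN_SHELLS" '
        BEGIN { n = split(nologin, a, " "); for (i = 1; i <= n; i++) dead[a[i]] = 1 }
        # shadow file: remember accounts with a locked password field
        FILENAME == shadow { if (substr($2, 1, 1) == "!") locked[$1] = 1; next }
        # passwd file: field 7 is the login shell; empty defaults to /bin/sh
        ($1 in locked) {
            shell = ($7 == "" ? "/bin/sh" : $7)
            if (!(shell in dead)) print $1, shell
        }
    ' "$2" "$1"
}

# make_sample DIR: write constructed passwd/shadow files (not real accounts).
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/false
carol:x:1003:1003::/home/carol:/bin/bash
dave:x:1004:1004::/home/dave:
EOF
    cat > "$1/shadow" <<'EOF'
alice:!$6$constructed$hash:12000:0:99999:7:::
bob:!$6$constructed$hash:12000:0:99999:7:::
carol:$6$constructed$hash:12000:0:99999:7:::
dave:!:12000:0:99999:7:::
EOF
}

# Demo on the constructed data: alice and dave are locked but keep a shell;
# bob is locked with /bin/false; carol is not locked at all.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
locked_with_shell "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow (root is needed to read the latter).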