[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
/bin/false --help
to realize that it is non-trivial and might not be trustworthy.
"info false" claims
This version of `false' is implemented as a C program, and is thus
more secure and faster than a shell script implementation, and may
safely be used as a dummy shell for the purpose of disabling accounts.
However if "file /bin/false" suggests a script on your system try
/bin/date or /dev/null.
For non-root users I'd not be to worried as if there are no logins or
shell escapes, how does one send it an interrupt? Watch out for those
shell escapes; most large interactive programs offer them.
> > I think you are correct in this. /bin/false _used_ to be a special "null
> > shell" replacement. In RedHat it exists and and does load a bash shell
> > to run from.
> [mhw at alcove mhw]$ cat /etc/issue
> Red Hat Linux release 7.3 (Valhalla)
> Kernel \r on an \m
> [mhw at alcove mhw]$ file /bin/false
> /bin/false: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped
> [mhw at canyon mhw]$ cat /etc/issue
> Fedora Core release 1 (Yarrow)
> Kernel \r on an \m
> [mhw at canyon mhw]$ file /bin/false
> /bin/false: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped
> [mhw at canyon mhw]$
> Use to be true. May still be true on SCO Unix. :-) Hasn't been
> true on any recent versions of RedHat.
> That being said, I also agree that using /bin/false is bad practice,
> not because it's a shell script but because it MIGHT be. Develop a bad
> habit and switch to another OS and get burned. Use nologin.
> > --
> > James P. Kinney III \Changing the mobile computing world/
> > CEO & Director of Engineering \ one Linux user /
> > Local Net Solutions,LLC \ at a time. /
> > 770-493-8244 \.___________________________./
> > <a rel="nofollow" href="http://www.localnetsolutions.com";>http://www.localnetsolutions.com</a>
> >
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > <jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> --
> Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | <a rel="nofollow" href="http://www.wittsend.com/mhw/";>http://www.wittsend.com/mhw/</a>
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
<a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network&Linux/Unix security consulting]
<a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00028" href="msg00028.html">[ale] how to create user with no password</a></strong>
<ul><li><em>From:</em> dmcnash at charter.net (Doug McNash)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00009.html">[ale] memory check in bios</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00011.html">[ale] how to create user with no password</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00013.html">[ale] memory check in bios</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00028.html">[ale] how to create user with no password</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00010"><strong>Date</strong></a></li>
<li><a href="threads.html#00010"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>