changing 'nobody' shell to /bin/bash
Kurt Wall
kwall
Mon May 17 11:56:46 PDT 2004
Consuming 0.5K bytes, Net Llama! blathered:
> Does anyone have any concrete reasons or examples of why changing the user
> 'nobody''s shell to /bin/bash would be a bad idea? I've googled a bit and
> can't find anything concrete. thanks.
It used to be the case that 'nobody' (or, rather, the UID and GID
assigned to 'nobody') had special semantics attached to it. The numeric
value ended up wrapping to a value like -1 or -2, which severely
restricted its privileges. These days, 'nobody' is a merely mortal
user so, in principle, there's no reason that using a real shell
wouldn't work.
It's a bad idea, though, to give system accounts login shells if
they don't need them. Frankly, if I saw someone logging in on one
of my systems as "nobody", I'd start getting real worried real fast.
That said, merely mortal users should not be able to do any real
harm to a system, so giving "nobody" a shell isn't intrinsically
evil.
I'd have to ask why before making a judgement.
Kurt
--
Weiner's Law of Libraries:
There are no answers, only cross references.
More information about the Linux-users
mailing list