changing 'nobody' shell to /bin/bash
Net Llama!
netllama
Mon May 17 11:56:47 PDT 2004
On 12/11/03 18:50, Kurt Wall wrote:
> Consuming 0.5K bytes, Net Llama! blathered:
>
>>Does anyone have any concrete reasons or examples of why changing the user
>>'nobody''s shell to /bin/bash would be a bad idea? I've googled a bit and
>>can't find anything concrete. thanks.
>
>
> It used to be the case that 'nobody' (or, rather, the UID and GID
> assigned to 'nobody') had special semantics attached to it. The numeric
> value ended up wrapping to a value like -1 or -2, which severely
> restricted its privileges. These days, 'nobody' is a merely mortal
> user so, in principle, there's no reason that using a real shell
> wouldn't work.
>
> It's a bad idea, though, to give system accounts login shells if
> they don't need them. Frankly, if I saw someone logging in on one
> of my systems as "nobody", I'd start getting real worried real fast.
> That said, merely mortal users should not be able to do any real
> harm to a system, so giving "nobody" a shell isn't intrinsically
> evil.
>
> I'd have to ask why before making a judgement.

I'm just fighting with Engineering at my place of employment over their
requirements for a software release. They wanted the real shell for
nobody, and I've been pushing back.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman netllama at linux-sxs.org
Linux Step-by-step & TyGeMo: http://netllama.ipfox.com
8:25pm up 5 days, 1:14, 1 user, load average: 0.24, 0.36, 0.35
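
Added example, not part of the original post or thread: a small audit that flags system accounts (including 'nobody' at a UID that wraps to -1 or -2 in 16 bits, as described in the quoted reply) that have a login shell. The sample passwd text is constructed; the `uid_min` default of 1000, the `allowed` list and the set of non-login shells are assumptions to adjust per system.

```python
# Added example: audit passwd(5) entries for system accounts with login shells.
# SAMPLE_PASSWD is constructed for illustration, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/bin/bash
svc:x:998:998::/var/lib/svc:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
broken line without enough fields
"""

# Shells that refuse interactive logins (assumed list; extend as needed).
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                    "/bin/false", "/usr/bin/false"}


def as_signed16(uid):
    """Show a UID the way a signed 16-bit uid_t would: 65534 -> -2."""
    return uid - 0x10000 if 0x8000 <= uid <= 0xFFFF else uid


def audit_passwd(text, uid_min=1000, allowed=("root",)):
    """Return (name, uid, shell) for system accounts that have a login shell.

    uid_min is an assumption (UID_MIN in /etc/login.defs differs by distro).
    Accounts below uid_min, or whose UID reads as -1 or -2 in 16 bits (the
    classic 'nobody' values), count as system accounts.
    """
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        name, _pw, uid_s, _gid, _gecos, _home, shell = fields
        if not uid_s.isdigit() or name in allowed:
            continue
        uid = int(uid_s)
        is_system = uid < uid_min or as_signed16(uid) in (-1, -2)
        shell = shell or "/bin/sh"  # an empty shell field defaults to /bin/sh
        if is_system and shell not in NON_LOGIN_SHELLS:
            findings.append((name, uid, shell))
    return findings


if __name__ == "__main__":
    for name, uid, shell in audit_passwd(SAMPLE_PASSWD):
        print(f"{name} (uid {uid}, signed16 {as_signed16(uid)}): shell {shell}")
```

To check a real host, pass the contents of /etc/passwd (or the output of `getent passwd`) to `audit_passwd` instead of the sample text.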
More information about the Linux-users mailing list