Your Distro is Insecure: Ubuntu
Ante Karamatić
ivoks at grad.hr
Tue Apr 14 19:37:37 UTC 2009
U Uto, 14. 04. 2009., u 13:11 -0600, Alberto Sierra je napisao/la:
> I think i know the difference between /bin/sh and /bin/false, but i
> still don't know why irc (and some others) have interactive shells...
> are they needed? what for?
It helps with debugging. For example, slapd is runing under openldap
user and group. openldap user doesn't have interactive shell since you
can run slapd with options so that it runs with openldap's privileges.
But there are programs which can't fork to another user, so if you want
to debug it, you have to su into that user. With /bin/false that's
impossible.
There's also 'su system_user -c command' argument, which doesn't work
with /bin/false.
There are probably other arguments, I'm aware of this one. I've never
put much of thought in it. It doesn't have password, you can't log in as
that user. You can only su into it as root.
On the other hand, why is it wrong to have interactive shell for a
system user?
More information about the ubuntu-server
mailing list