LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 11-17-2007, 03:36 AM   #1
reverse
Member
 
Registered: Apr 2007
Distribution: Gentoo
Posts: 337

Rep: Reputation: 30
Why does www-data have /bin/sh as a shell?


I'm looking at /etc/password and can't help but notice the following entries:

Code:
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
And I simply can not understand why the shells are not /bin/false or /usr/sbin/nologin.

Also, why is there a 'news' user on my system when I have no related software installed? (or do I? -- and how to detect said software) Same for lp, UUCP, proxy.. list.. gnats.

Last edited by reverse; 11-17-2007 at 03:38 AM.
 
Old 11-18-2007, 04:50 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790
Quote:
Originally Posted by reverse View Post
why is there a 'news' user on my system
There may be a service or application running under a specific UID. Some package managers are capable of listing that kind of specs, else try 'find ' with the "-user" arg.


Quote:
Originally Posted by reverse View Post
I simply can not understand why the shells are not /bin/false or /usr/sbin/nologin.
That's part of hardening. Unfortunately users who don't know won't find out until they run auditing software like Tiger or Lsat. Changing shells to an inert one is something you have to do yourself or run SW like Bastille-Linux.
 
Old 11-18-2007, 07:35 AM   #3
reverse
Member
 
Registered: Apr 2007
Distribution: Gentoo
Posts: 337

Original Poster
Rep: Reputation: 30
The problem is, most users most likely don't care about further securing their syststem (perhaps thinking updating is enough or "linux is secure by default" <- result of bad propaganda) , let alone run auditing software.

Debian Specific: Given that the Debian Security How-To, turned into a book, would be over 100 pages long, and given that's just basic/minimal security.. I don't know how many users are willing to go through *THAT*.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
gcc cant run in www/cgi-bin g-mey Linux - Server 2 09-05-2006 03:27 AM
c program cant run in www/cgi-bin g-mey Linux - Software 1 09-05-2006 02:46 AM
add www-data user restless Linux - Newbie 1 06-01-2004 07:51 AM


All times are GMT -5. The time now is 06:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration