Using /bin/false shell on Red Hat systems
Hi.
I can't seem to find any good documentation on what exactly using /bin/false as a users shell implies. Does anyone know this? I need to create a user which can authenticate (using a third party software) but not log in. Using /bin/false as a shell for that user seems to do the trick, but I'd like to understand the use of /bin/false. And how does /bin/false differ from /sbin/nologin? Regards, kenneho |
In brief: /sbin/nologin refuses login with a corresponding message, /bin/false just does nothing and returns 1. You should simply read their very short man pages. ;)
|
Well, on my machine, /bin/false is program that appears to do nothing. It's a binary so, to see exactly what it does, you'll need to get the source code.
And this from the man page: Code:
NAME Seriously, what I take away is that a user logging in who is assigned "false" as his/her shell is politely informed that he/she cannot run a shell. |
Ah, I didn't find the man pages at first, but now I did. :)
I came across http://www.semicomplete.com/articles/ssh-security/ which describe /bin/false as a non-secure feature for use as a shell. It's definately worth a read. And for my problem, I'm going for creating a regular user, but preventing SSH login in sshd_config. But thanks for the advice anyways! |
All times are GMT -5. The time now is 04:08 PM. |