Using /bin/false shell on Red Hat systems

kenneho · 10-27-2008, 07:57 AM

Hi.

I can't seem to find any good documentation on what exactly using /bin/false as a users shell implies. Does anyone know this?

I need to create a user which can authenticate (using a third party software) but not log in. Using /bin/false as a shell for that user seems to do the trick, but I'd like to understand the use of /bin/false.

And how does /bin/false differ from /sbin/nologin?

Regards,
kenneho

allez · 10-27-2008, 08:12 AM

In brief: /sbin/nologin refuses login with a corresponding message, /bin/false just does nothing and returns 1. You should simply read their very short man pages.

pixellany · 10-27-2008, 08:14 AM

Well, on my machine, /bin/false is program that appears to do nothing. It's a binary so, to see exactly what it does, you'll need to get the source code.

And this from the man page:

Code:

NAME
       false - do nothing, unsuccessfully
SYNOPSIS
       false [ignored command line arguments]
       false OPTION
DESCRIPTION
       Exit with a status code indicating failure.
<snipped>

So, if it does nothing unsuccessfully, does that mean it actually did something? No wonder they say programmers are weird.....

Seriously, what I take away is that a user logging in who is assigned "false" as his/her shell is politely informed that he/she cannot run a shell.

kenneho · 10-27-2008, 10:38 AM

Ah, I didn't find the man pages at first, but now I did.

I came across http://www.semicomplete.com/articles/ssh-security/ which describe /bin/false as a non-secure feature for use as a shell. It's definately worth a read.

And for my problem, I'm going for creating a regular user, but preventing SSH login in sshd_config.

But thanks for the advice anyways!