Re: User?s and Shells

From: Philipp Schulte (pschulte@uni-duisburg.de)
Date: 12/19/02

  • Next message: Christian Hammers: "Re: User?s and Shells"
    Date: Thu, 19 Dec 2002 21:04:06 +0100
    From: Philipp Schulte <pschulte@uni-duisburg.de>
    To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
    
    

    OTERO Hernan Gustavo EDS wrote:

    > Looking in the /etc/passwd in my RH 8.0 instalation, the users
    >
    > news:x:9:13:news:/etc/news:
    > rpm:x:37:37::/var/lib/rpm:/bin/bash
    >
    > has shell. Why this users need shell?

    I don't know why RH does this. But having a valid shell in /etc/passwd
    is not sufficent for an attacker. The account also must have a valid
    password in /etc/shadow (or wherever your OS keeps them). Usually the
    role-accounts look somewhat like this:

    bin:*:9797:0:::::
    ftp:*:9797:0:::::
    daemon:*:9797:0:::::
    adm:*:9797:0:::::

    The "*" or some other symbol like "!" means, that this is not a valid
    password and so nobody can enter a correct password for this account.
    Phil