Multiple Root ID's considered evil?
Bruce Barnett
barnett at crdgw1.crd.ge.com
Thu Sep 21 23:13:53 AEST 1989
In article <7383 at rpi.edu>, night at pawl (Trip Martin) writes:
>The method I've seen, and used on at least one occasion to plug that
>hole is to make their login shell something that can't be executed,
>usually /dev/null. I think I can guarantee that no one's going to
>log in using that account without a login shell.
Just a small point: This will not affect someone using a TOPS account.
(TOPS is Sun's Mac file server software).
That is, if someone has an account and password, but the shell of /dev/null,
they can still use the TOPS account.
Also - I seen to recall that something complained when I used /dev/null.
Perhaps a log file. I have since then used /bin/true.
I don't know which technique is better.
--
Bruce G. Barnett <barnett at crd.ge.com> uunet!crdgw1!barnett
More information about the Comp.unix.wizards
mailing list