Mailinglist Archive: opensuse-security (211 mails)
| < Previous | Next > |
Re: [suse-security] SHELL=/bin/false but user can still log in
- From: Bob Vickers <bobv@xxxxxxxxxxxxx>
- Date: Wed, 29 Oct 2003 10:51:30 +0000 (GMT)
- Message-id: <Pine.LNX.4.53.0310291048550.13974@xxxxxxxxxxxxxxxxxxxxx>
Dirk,
The cleanest way of disabling services you don't want is with the
chkconfig command. Zapping /etc/init.d/nscd is a poor solution because the
file may be reinstalled if you upgrade.
Bob
On Wed, 29 Oct 2003, Dirk Schreiner wrote:
> Hi,
>
> deactivate that f$)%ยง)$g NSCD.
>
> Better do a cat /dev/null > /etc/init.d/nscd
> as yast in some obscure cases automatically
> activates NSCD (insserv), and I never found
> a config Option to block this reactivation.
> (Often after SW-Installation. rpm-Scripts?)
> Maybe one of the SuSE-Guys can help with this.
>
>
> And then man NSCD.
>
>
> Dirk
>
>
> Hollweg, Daniel schrieb:
> > Hi List,
> >
> > I have an problem with my SuSe 8.2 installation with all current security patches applied.
> > If I enter /bin/false as login shell in the /etc/passwd the user can still login and gets shell
> > access. After rebooting the system the shell entry in the /etc/passwd is processed correct
> > and a login attempt is closed as you would expect. Other entries like home dir in the passwd
> > are parsed correct.
> >
> > Any ideas?
> >
> > Thanks and regards
> > Daniel
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
The cleanest way of disabling services you don't want is with the
chkconfig command. Zapping /etc/init.d/nscd is a poor solution because the
file may be reinstalled if you upgrade.
Bob
On Wed, 29 Oct 2003, Dirk Schreiner wrote:
> Hi,
>
> deactivate that f$)%ยง)$g NSCD.
>
> Better do a cat /dev/null > /etc/init.d/nscd
> as yast in some obscure cases automatically
> activates NSCD (insserv), and I never found
> a config Option to block this reactivation.
> (Often after SW-Installation. rpm-Scripts?)
> Maybe one of the SuSE-Guys can help with this.
>
>
> And then man NSCD.
>
>
> Dirk
>
>
> Hollweg, Daniel schrieb:
> > Hi List,
> >
> > I have an problem with my SuSe 8.2 installation with all current security patches applied.
> > If I enter /bin/false as login shell in the /etc/passwd the user can still login and gets shell
> > access. After rebooting the system the shell entry in the /etc/passwd is processed correct
> > and a login attempt is closed as you would expect. Other entries like home dir in the passwd
> > are parsed correct.
> >
> > Any ideas?
> >
> > Thanks and regards
> > Daniel
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
| < Previous | Next > |