Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!crdgw1!crdgw1.ge.com!barnett
From: barnett@crdgw1.crd.ge.com (Bruce Barnett)
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <2449@crdgw1.crd.ge.com>
Date: 21 Sep 89 13:13:53 GMT
References: <435@lxn.eds.com> <347@galadriel.bt.co.uk> <4183@buengc.BU.EDU> <7383@rpi.edu>
Sender: news@crdgw1.crd.ge.com
Reply-To: barnett@crdgw1.crd.ge.com (Bruce Barnett)
Organization: GE Corp. R & D, Schenectady, NY
Lines: 17
In-reply-to: night@pawl.rpi.edu (Trip Martin)

In article <7383@rpi.edu>, night@pawl (Trip Martin) writes:
>The method I've seen, and used on at least one occasion to plug that
>hole is to make their login shell something that can't be executed,
>usually /dev/null. I think I can guarantee that no one's going to
>log in using that account without a login shell.

Just a small point: This will not affect someone using a TOPS account.
(TOPS is Sun's Mac file server software). That is, if someone has
an account and password, but the shell of /dev/null, they can still use
the TOPS account.

Also - I seem to recall that something complained when I used /dev/null.
Perhaps a log file. I have since then used /bin/true. I don't know which
technique is better.

--
Bruce G. Barnett	uunet!crdgw1!barnett
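An added example, not part of the original post: a small audit that lists accounts whose shell is /dev/null or /bin/true but whose password field is still usable, which is the case the reply describes for services that check the password without running the login shell. The function name, the sample entries and the convention that a field starting with `*` or `!` means a locked password are assumptions of this example.

```shell
#!/bin/sh
# audit_blocked_shells PASSWD_FILE [SHADOW_FILE]
# Prints "user shell" for every account that has a blocked login shell
# but a password that is not locked (or is empty).
BLOCKED_SHELLS="/dev/null /bin/true"   # the two shells named in the thread; extend as needed

audit_blocked_shells() {
    passwd_file=$1
    shadow_file=${2:-/dev/null}        # optional shadow-format file
    awk -F: -v shadow="$shadow_file" -v shells="$BLOCKED_SHELLS" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) blocked[s[i]] = 1 }
        # Shadow-format lines: remember the password field per user.
        FILENAME == shadow { hash[$1] = $2; next }
        {
            if (!($7 in blocked)) next            # normal login shell, not our concern
            pw = $2
            if (pw == "x") {                      # password kept in the shadow file
                if (!($1 in hash)) next           # unknown, cannot judge
                pw = hash[$1]
            }
            if (pw ~ /^[*!]/) next                # locked password (assumed convention)
            print $1, $7                          # shell blocked, password still usable
        }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data, written to a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
guest:Xq1constructedhash:100:100:Guest:/home/guest:/dev/null
ftpuser:*:101:100:Locked account:/home/ftp:/dev/null
macshare:x:102:100:File share user:/home/mac:/bin/true
alice:x:103:100:Alice:/home/alice:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
macshare:Zz9constructedhash:7000::::::
alice:Aa2constructedhash:7000::::::
EOF
    audit_blocked_shells "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

Accounts it reports are candidates for having the password field locked as well, so that the blocked shell is not the only barrier.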