> From: Vineet Kumar [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 18, 2001 8:18 AM > > * Ian Perry ([EMAIL PROTECTED]) [010816 20:11]: > > Hi, > > > > Quick question. > > I have been using /dev/null to prevent shell logins (yet > still leave pop3 > > etc running) as follows: > > username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null > > > > I noticed that the shell can also be put as /bin/false as in ftp > > > > I prefer /dev/null as the user is instantaneously > disconnected without any > > messages. > > Umm ... how does that make it preferable to /bin/false, which > does (from > the user's perspective) exactly the same? Note: it has nothing to do > with ftp, except that ftp users are commonly assigned this shell to
I realise this. > prevent them from logging in to a shell. I think /bin/false is a more > common approach, as it is an actual executable binary. Somehow that > makes it make more sense to call exec() on. So really, what it does is > actually run, failing, rather than failing to run (as a properly > permissioned /dev/null would do). > > The difference seems pedantic, and it should make no practical > difference. > I agree that it makes no practical difference. If I log in with /bin/false I get... Linux sydney 2.0.36 #1 Thu Sep 2 09:28:09 EST 1999 i686 unknown Copyright (C) 1993-1999 Software in the Public Interest, and others Most of the programs included with the Debian GNU/Linux system are freely redistributable; the exact distribution terms for each program are described in the individual files in /usr/doc/*/copyright Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 20 16:50:17 on ttyp2 from IP. No mail. With /dev/null I get nothing, not even a message. I would rather give people as little information about the system as possible. There is also a risk (however slight) that /bin/false could be replaced with a bash program. I don't believe that this could be done with /dev/null (or could it ?) BTW, 2.0.36 is incorrect, I just have not been bothered to fix it. Ian
