Security of adding users for "accounts" ??
Lowell Gilbert
freebsd-questions-local at be-well.no-ip.com
Mon Jul 21 14:04:01 PDT 2003
Mark <mw at lanfear.com> writes:
> i hope this isn't too silly a question, but one of the really easy
> ways we've found to manage "accounts" for customers is to just go and
> create actual unix accounts for them on our FreeBSD boxes, which helps
> us organise everything from directories to where programs look for
> their info, etc ...
>
> now, to keep things "safer", we always deny the accounts shell
> access by setting the shell field in /etc/passwd to /sbin/nologin
>
>
> but ....
>
>
> we're still wondering if there are any security implications to
> consider from doing this, and if there are any other, perhaps better
> ways to manage non-trivial numbers of customer accounts ... we're
> only in the dozens now, but it may get into the hundreds in the
> future.
There's an ISP list that would probably cover this better, but my
answer would be that it depends on what you want to *permit* these
users to do. If there are several functions they need to access, then
giving them real accounts is probably the best way. If all you want
is to give them FTP access (for example), though, then you might do
better by finding an FTP daemon that supports its own idea of a user
database.
More information about the freebsd-questions
mailing list