[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SHELL=/bin/false but user can still log in



Hi,

deactivate that f$)%§)$g NSCD.

Better do a cat /dev/null > /etc/init.d/nscd
as yast in some obscure cases automatically
activates NSCD (insserv), and I never found
a config Option to block this reactivation.
(Often after SW-Installation. rpm-Scripts?)
Maybe one of the SuSE-Guys can help with this.


And then man NSCD.


Dirk


Hollweg, Daniel schrieb:
Hi List,

I have an problem with my SuSe 8.2 installation with all current security patches applied.
If I enter /bin/false as login shell in the /etc/passwd the user can still login and gets shell access. After rebooting the system the shell entry in the /etc/passwd is processed correct and a login attempt is closed as you would expect. Other entries like home dir in the passwd
are parsed correct.

Any ideas?

Thanks and regards
Daniel



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here