Dariush Pietrzak wrote:
accounts? Do we risk breaking anything if we perform an s/\/bin\/sh$/\/bin\/false/ ?Yes, you'll run into trouble trying to run cronjobs as those system users,
No, cron jobs work just fine. I've got a user named 'mirror' with /bin/true as shell and it performs FTP mirror and rsync downloads absolutely fine.
also su user -c command won't work, you'll need to use sudo or suid bit, and that's a bit messy.
This is true, when I need to su to this user's account (for troubleshooting, usually), I need to 'chsh -s /bin/bash mirror' first (and change it back later). However, I only need to do this very seldom. And I haven't ever needed to su to daemon, bin, sys, games, man, lp, mail, news, uucp, proxy, postgres, www-data, backup, operator, list, irc, gnats, nobody, amavis or cyrus. That's the list of user accounts with shell /bin/sh on my Debian box.
Cheers, Tobias