Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

User account with no login shell

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers User account with no login shell
# 1  
Old 06-17-2010
User account with no login shell
Hi All,

I was reading a tutorial for Installing Tomcat on Linux machine.
(http://www.puschitz.com/InstallingTomcat.html)

Here the author had mentioned that: For security reasons I created a user account with no login shell for running the Tomcat server.
My question is:
1. What is a User Account with no login shell?
2. and what is the advantage of being a separate user rather than installing as a root user?
3. What does this "Security" words implies here. What & Which Security he is talking about.

I will feel glad, if somebody explain these things.
# 2  
Old 06-17-2010
  1. A user without a login shell is a user that can't log into a system, and thus can't run any commands interactively on that system. Still, processes can run as that user.
  2. Imagine a server process running as root with a bug that a remote attacker can use to gain local access. Any processes spawned by that process, even those unwanted, will also run as root with full system access.
  3. See 2. It ain't physical security, obviously.
# 3  
Old 06-19-2010
User account with no login shell
Thanks pludi & apologize for replying bit late.

In the meantime, I have created an installer for a Java based server in-house product. In that I have been told that, this server should run as a daemon & should get start during boot up and currently this daemon running as a ROOT user.

My question relates to same post, that should I create a:
- Separate User Account with no login shell for this product.
- And also if I login as a normal User, will the normal user still able to use the server (which is running as a daemon) OR this daemon only gets started via its own account or ROOT account (As I have to make available this daemon to ROOT + normal user as well).
# 4  
Old 06-19-2010
  • Yes, create a separate user. That way if someone manages to take over the Tomcat process, it has less impact on the system than if it were running as root
  • Yes, any other users will still be able to use the service, as any communication will be done via defined APIs that are independent of the user. In the case of Tomcat, the regular HTTP protocol will be used
# 5  
Old 06-19-2010
User account with no login
hey thanks again pludi for your valuable support......

I will certainly do the changes to my server (while installing) and again get back to you/this forum with any future queries for the same.

Also, considering the right place for a new question (other wise I will repost in the right area), i.e as I created a installer (RPM), I came across that Netbeans (netbeans-6.9-ml-linux), Flex Builder Linux Alpha (flexbuilder_linux_install_a4_081408.bin) and JDK (jdk-6u20-linux-i586-rpm.bin) dont provide any RPM but they provide a huge binary executable shell script.

My question is:
- Why these guys don't provide a RPM.
- And when I open JDK installer shell script in editplus editor, its been a bit encrypted one. How these guys putting a huge stuff in a single shell script + encrypting a maximum of code.
- If I want to re-write in the similar fashion, What resources I would required. Any links etc?

THANKS AGAIN
# 6  
Old 06-19-2010
New questions, new thread please.
This User Gave Thanks to pludi For This Post:
jw_amp
# 7  
Old 06-20-2010
I Posted in New section ..... but thanks for the valuable stuff.
Last edited by jw_amp; 06-20-2010 at 03:59 AM..
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Shell script for user account Creation

Hi Folks, I had a request to create the user request. Between, I just write a script a create, Update Geos, and update the password. My script as below: The error message, what I am getting is all the users are updated with the same Goes value.. #!/bin/bash for i in `cat users.txt`;do... (2 Replies)
Discussion started by: gsiva
2 Replies

2. Solaris

Solaris 11 user account login expired

Hi everyone Please i need urgent help... I have installed solaris 11 using live media.. then i installed sunray.. every thing is fine.. but after system reboot i am unable to login on server on GUI it gives account expired error or some time authentication failed... but i can log in through... (11 Replies)
Discussion started by: amk
11 Replies

3. UNIX for Dummies Questions & Answers

How to make each login shell history independent for same account?

Hello All, Many developers in our company use same application account to log in Linux Box for code development, how can i redirect my log in shell history to a different file to avoid history being shown to others or accidentally execute the same command which i or others executed? Thank you. (4 Replies)
Discussion started by: Ariean
4 Replies

4. AIX

User Account Login Login on your AIX server

I want to learn AIX. I would like to find someone who would be willing to give me a login to their AIX home lab server. My intent is to poke around and discover the similarities and differences of AIX compared to other *NIXs. I am a UNIX admin so I can think of what some immediate concerns may... (1 Reply)
Discussion started by: perl_in_my_shel
1 Replies

5. Shell Programming and Scripting

How to Login as another user through Shell script from current user[Not Root]

Hi Every body, I would need a shell script program to login as different user and perform some copy commands in the script. example: Supppose ora_toms is the active user ora_toms should be able to run a script where user: ftptomsp pass: XXX should login through and run the commands ... (9 Replies)
Discussion started by: ujjwal27
9 Replies

6. Shell Programming and Scripting

Create new user account and password in shell script

I am trying to create a shell script that will: check if a specific user already exists if not, create a specific group and create the user in that group assign a password to that user, where the password is passed in as a parameter to the script The problem that I need help with is 3 on... (4 Replies)
Discussion started by: killuane
4 Replies

7. Debian

password less login to root from a user account

hello friends, one user is created named "user1" I login as "user1" . Now when i do "su -" to be root user I have to give password for root . Is there any way through which we can skip giving the password to root. i.e. user1@work:~$ su - Password: xxxxxx work:~$ I don't want that... (1 Reply)
Discussion started by: pradeepreddy
1 Replies

8. Shell Programming and Scripting

auto login to Super User account

i want to write to script which will login to su account without hving user interaction.( i know Super user password) i wrote following script its also able to log into su account. but seesion gets terminates soon. what can be done ??? or is there any other solution. i don't want to use expect... (6 Replies)
Discussion started by: anup13
6 Replies

9. AIX

Can't login root account due to can't find root shell

Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in. I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies

10. UNIX for Dummies Questions & Answers

Setting an account to be a non-login account automatically?

Is there a way to easily change an account to be a non login account (NP in the shadow) file? I know I can just edit the file but that is not what we want to do. We use access control software and want to provide a way to set an account to be non-login using simple commands that can be mapped... (0 Replies)
Discussion started by: LordJezo
0 Replies
Login or Register to Ask a Question