Re: Two mail servers on the same domain

On Wednesday 26 November 2003 2:09 pm in comp.sys.sun.admin Stefaan A Eeckels wrote:
> When a system is a pure mailhost, you should make sure
> that none of the users you (have to) create can log on
> to the system. The fact that SMTP and FTP servers require
> system user accounts is a historical accident (based on
> the multi-user nature of Unix, in those days that users
> had terminals and not PCs.) Nowadays, having to create
> users for the purpose of hosting a mailbox or allowing
> a file transfer is a security risk. One could make a
> solid case in favour of an SMTP/POP3/IMAP server that only
> uses "aliases" for the purpose of accepting and delivering
> email, and a single system user for all the file system
> activity.
Indeed, there are some fancy packages which will do this.
For small systems it is easier and cheaper to set the user's
shell to /bin/false
--
My real address is crn (at) netunix (dot) com
WARNING all messages containing attachments or html will be silently
deleted. Send only plain text.
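
An audit for the approach discussed in this thread, added here as an example and not part of either poster's message: it lists the accounts in a passwd-format file that still have a login shell. The function names, the UID cutoff of 1000 for mailbox users, the set of shells treated as non-login and the sample entries are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: find mailbox accounts that can still log in.
# Assumptions (not from the thread): mailbox users have UID >= 1000, and
# /bin/false, /sbin/nologin and /usr/sbin/nologin count as non-login shells.

login_capable_users() {
    # $1 = passwd-format file, $2 = lowest UID treated as a mailbox user
    awk -F: -v min_uid="${2:-1000}" '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        $3 + 0 < min_uid { next }      # skip system accounts
        $7 == "/bin/false" || $7 == "/sbin/nologin" || $7 == "/usr/sbin/nologin" { next }
        # An empty shell field means the system default shell, so flag it too
        { printf "%s %s\n", $1, ($7 == "" ? "(empty)" : $7) }
    ' "$1"
}

# Constructed sample data, not taken from any real system
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1::/:/bin/false
alice:x:1001:1001:Alice:/var/mail/alice:/bin/bash
bob:x:1002:1002:Bob:/var/mail/bob:/bin/false
carol:x:1003:1003:Carol:/var/mail/carol:
dave:x:1004:1004:Dave:/var/mail/dave:/usr/sbin/nologin
EOF
}

# Demo run against the constructed sample
demo_file=$(mktemp)
sample_passwd > "$demo_file"
login_capable_users "$demo_file" 1000
rm -f "$demo_file"
```

On a real mailhost, point the function at /etc/passwd and treat every line it prints as an account whose shell still needs changing.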