> >> You add users by modifying /etc/passwd with no updates to /etc/shadow.
> >> Methinks this is not the optimal solution.  Should they not be kept in
> >
> >Not when we have tools like useradd, usermod, userdel, groupadd, groupmod
> >and groupdel. Those're also easily scriptable.
> 
> Hmm.  I must have missed some emails.  I don't see George's
> original suggestion(s).  In any case, what's the verdict here, O
> wizards?  Should I change the doc to have user accounts created
> via useradd?  Note that later in the procedure, I put the text
> "NP" in /etc/passwd for the password of each of the accounts
> vscan and amavisd.  My understanding is it is thus impossible to
> log in using these accounts, and so the accounts are secure.  Am
> I off here?

Use useradd and set the shell to /bin/false.  This prevents a user from logging
in as that account (even if they guess the password).