Am 17. Sep, 2002 schwätzte Kevin Brown so:

> Use useradd and set the shell to /bin/false.  This prevents a user from
> logging in as that account (even if they guess the password).

Excellent extra step. Locking the account will prevent guessing passwords,
though.

Don't change system acount shells to /bin/false, though. It is helpful, for
instance to su to postgres. Also, if the dist has an account with a shell
that shouldn't have it, the proper fix is to file a bug report and get the
dist to fix it.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/    http://www.TOLISGroup.com/
#  I've got a photographic memory,
#  but I'm lousy photographer. - der.hans