You are not logged in.
- Topics: Active | Unanswered
#1 2013-07-29 17:04:56
- SirWuffleton
- Member
- From: Washington, USA
- Registered: 2013-06-05
- Posts: 7
- Website
Is /usr/sbin/nologin enough for a Restricted, No-Login Cron Account?
Hi! I've decided to reinstall my server to move back to an ext4 filesystem and I'm doing some minor housekeeping as I put everything back into place.
I've historically had a separate account to run all of my cron jobs, which has explicit root access to a few command lines via sudo. From a security standpoint, is simply disabling the account with /usr/sbin/nologin, and not including it in my SSH allowed users enough?
I've seen a couple places that've gone a bit further and locked the cron account as well, but I'd have to comment 'account required pam_access.so' in my /etc/pam.d/crond file. Would this have any negative security implications? Would locking this account be a good security practice?
Thanks!
Offline
#2 2013-07-29 21:56:01
- djgera
- Developer
- From: Buenos Aires - Argentina
- Registered: 2008-12-24
- Posts: 723
- Website
Re: Is /usr/sbin/nologin enough for a Restricted, No-Login Cron Account?
Locking the password or change shell, does not disable an account, to do such thing, must set expire date 
Offline