Conducting a user account cleanup across Solaris and Red Hat Linux systems, many of which have a number of Samba shares.

What preference do people have for creating the local Unix accounts for non-interactive Samba users? In particular, the shell entry:

  1. noshell
  2. nologin
  3. blank

And why?

JB

A: 

I usually send all mine to /dev/null; that way I don't ever have to worry about it. I have known some people who set it to /bin/logout so that when someone logged in they were logged back out.

Unkwntech
+2  A: 

I have seen the shell set to the passwd command so that logging in only gives an opportunity to change the password. This may or may not be appropriate in your non-interactive user case, but it has the upside of allowing people to change passwords without bothering an admin.

Alex B
+1  A: 

I've always thought /bin/false was the standard. Some ISPs use a little menu system that lets them change their password / contact / finger info, check usages, etc. Whatever you use, you may want to add it to your /etc/shells file as well if you want the user to be able to use FTP for instance, as some services will be denied to users who are not using a shell listed in that file.

Steve Baker
I had forgotten about /usr/bin/false; thanks to your answer I did some googling. This blog post has some good information on why NOT to use /usr/bin/false: http://www.semicomplete.com/articles/ssh-security/ As I want Samba account access, perhaps this is not so much an issue for me.
Jonathan Bourke
A: 

Don't do blank. That runs /bin/sh.

Joshua
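
An added example, not part of any answer above: a small audit that classifies the shell field of each account during a cleanup, flagging blank entries (which run /bin/sh, as the last answer notes) and shells missing from /etc/shells (which some services such as FTP may refuse, as Steve Baker's answer notes). The function name, status labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the shell field of accounts in a passwd-format file.
# Status labels and the sample accounts below are constructed for illustration.

# audit_shells PASSWD_FILE SHELLS_FILE -> prints "user:STATUS:shell" per account
#   BLANK     empty shell field (login falls back to /bin/sh)
#   LISTED    shell is present in the shells file
#   UNLISTED  shell is absent from the shells file; services that check it may refuse the user
#   MALFORMED fewer than 7 colon-separated fields
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the shells list, ignoring comments and empty lines.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*(#|$)/) listed[line] = 1
            close(shells)
        }
        /^[ \t]*(#|$)/  { next }
        NF < 7          { print $1 ":MALFORMED:"; next }
        $7 == ""        { print $1 ":BLANK:"; next }
        ($7 in listed)  { print $1 ":LISTED:" $7; next }
                        { print $1 ":UNLISTED:" $7 }
    ' "$1"
}

# demo: run the audit over constructed sample data in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
smbalice:x:1001:1001:Samba only:/home/smbalice:/bin/false
smbbob:x:1002:1002:Samba only:/home/smbbob:/sbin/nologin
smbcarol:x:1003:1003:Samba only:/home/smbcarol:
smbdave:x:1004:1004:Samba only:/home/smbdave:/dev/null
EOF
    cat > "$dir/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/bash
/bin/false
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a real host the call would be `audit_shells /etc/passwd /etc/shells`; any BLANK row is an account that still gets a working shell.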