Provided by: titantools_4.0.11+notdfsg1-5build1_amd64 bug

NAME
       noshell — shell for administrative users that should never log in


DESCRIPTION
       noshell is a shell that can be assigned to system users which need to be active but should
       never log in to the system. noshell helps monitor attempts to access disabled accounts and
       logs this into syslog.

       If  a  user  attempts  to  connect to the system through an administrative user that has a
       valid password and uses noshell  as his shell, then the use of noshell will be logged, the
       connection will be terminated and the user will be unable to gain access to the host.

       After  connecting  the  login  program might display the timestamp of the last loging. For
       example, in a remote connection:

              hostileuser@hostile_host% ssh -l adminuser remote_host

              adminuser@remote_host's password: *******

              (System's /etc/motd)

              Last login: Sat Nov 22 23:30:41 2003 from localhost

              Connection to remote_host closed.

       If the user is denied access, noshell will send a message to  syslog  using  the  LOG_AUTH
       facility.  It  does not provide any indication of wether this connection attempt was local
       or remote, this information must be retrieved from other logs. In the  above  example  the
       following would get recorded in /var/log/authlog:

              Nov  22  23:30:41  remote_host  sshd[9950]:  Accepted  password  for adminuser from
              hostile_host port 44422 ssh2

              Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session opened for user  adminuser
              by (uid=1)

              Nov  22  23:30:41  remote_host noshell[9953]: Noshell warning: user adminuser login
              from a disabled shell

              Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session closed for user adminuser

       In Debian, noshell is an alternative to the nologin shell, the latter is provided  in  the
       login  package.  The  main  differences  between them is that noshell will not provide any
       information of why the access has been denied.


OPTIONS
       This program does not use any option.


SEE ALSO
       shells(5), login(1), nologin(8).


AUTHOR
       This manual page was written by Javier Fernandez-Sanguino Peña  <jfs@debian.org>  for  the
       Debian  system  (but  may  be  used by others).  Permission is granted to copy, distribute
       and/or modify this document under the terms of the GNU General Public License,  Version  2
       any later version published by the Free Software Foundation.

       On  Debian  systems,  the  complete text of the GNU General Public License can be found in
       /usr/share/common-licenses/GPL.

                                                                                    TITANTOOLS(1)