Provided by: titantools_4.0.11+notdfsg1-6_amd64 bug

NAME
       noshell — shell for administrative users that should never log in


DESCRIPTION
       noshell  is  a shell that can be assigned to system users which need to be active but should never log in
       to the system. noshell helps monitor attempts to access disabled accounts and logs this into syslog.

       If a user attempts to connect to the system through an administrative user that has a valid password  and
       uses noshell  as his shell, then the use of noshell will be logged, the connection will be terminated and
       the user will be unable to gain access to the host.

       After connecting the login program might display the timestamp of the last  loging.  For  example,  in  a
       remote connection:

              hostileuser@hostile_host% ssh -l adminuser remote_host

              adminuser@remote_host's password: *******

              (System's /etc/motd)

              Last login: Sat Nov 22 23:30:41 2003 from localhost

              Connection to remote_host closed.

       If  the user is denied access, noshell will send a message to syslog using the LOG_AUTH facility. It does
       not provide any indication of wether this connection attempt was local or remote, this  information  must
       be retrieved from other logs. In the above example the following would get recorded in /var/log/authlog:

              Nov  22  23:30:41  remote_host  sshd[9950]: Accepted password for adminuser from hostile_host port
              44422 ssh2

              Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session opened for user adminuser by (uid=1)

              Nov 22 23:30:41 remote_host noshell[9953]: Noshell warning: user adminuser login from  a  disabled
              shell

              Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session closed for user adminuser

       In  Debian,  noshell is an alternative to the nologin shell, the latter is provided in the login package.
       The main differences between them is that noshell will not provide any information of why the access  has
       been denied.


OPTIONS
       This program does not use any option.


SEE ALSO
       shells(5), login(1), nologin(8).


AUTHOR
       This  manual  page  was  written by Javier Fernandez-Sanguino Peña <jfs@debian.org> for the Debian system
       (but may be used by others).  Permission is granted to copy, distribute and/or modify this document under
       the  terms  of the GNU General Public License, Version 2 any later version published by the Free Software
       Foundation.

       On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-
       licenses/GPL.

                                                                                                   TITANTOOLS(1)