nologin in /etc/shells is dangerous.. WHY?
Solution 1:
/etc/shells
contains a list of binaries that the system considers (unrestricted) shells. That means that any user that has configured one of those binaries as their shell is assumed to have full access to the system (meaning they can execute any command, provided they have the appropriate permission).
The most direct result is that they can use chsh
to change their configured shell.
If a user has a shell configured that isn't in this list, then the system assumes that he's somehow restricted. In the case of chsh
it means that the user cannot change that value.
Other programs might query that list and apply similar restrictions.
So by putting nologin
in /etc/shells
you effectively say "any user that has nologin
as its shell is considered a full, unrestricted user". That's almost certainly the exact opposite of what nologin
was meant to say.
Solution 2:
ftp doesn't provide a standard shell, it provides an ftp interface. Users that have an account even though their shell points to nologin can still access the ftp interface. In addition they'll still be able to access any other services you provide that don't require a shell as well (for example, if you have a http web interface, etc. that relies on account authentication but not shell access). This isn't necessarily a back door onto your system, but is a back door into services.