12-08-2020, 08:53 AM
(This post was last modified: 12-08-2020, 08:57 AM by UpsiUps.
Edit Reason: added conclusion
)
(12-07-2020, 03:18 PM)Tim Curtis Wrote: ... Quote reduced ...
So even though those two accounts are assigned to the bash shell their passwords are locked which effectively prevents using those accounts to log into the system.
You could try changing the assigned shell for those two accounts to /usr/sbin/nologin and let us know if anything breaks.
Yepp it works. I did the the following:
Code:
sudo usermod -s /usr/sbin/nologin mpd
sudo usermod -s /usr/sbin/nologin upmpdcli
# changing the home directory only works when mpd is stopped. You need to be fast as the watchdog may restart the service faster
sudo service mpd stop
sudo usermod -d /nonexistent mpd
sudo usermod -d /nonexistent upmpdcliSo in generic there is only one user needed, which is pi. All other users could use the same setup (nologin and nonexistent home)
If you want to secure your system more, you could also remove the standard pi user or as a first step disable remote login per ssh.
