on a Linux system there are lot's of users by default: daemon, bin, sys, games, etc. According to my /etc/passwd most of these users have a shell assigned (/bin/sh) which seems some kind of insecure to me. My naive thinking would say: Only give those users a shell that may login to the server. Is my thinking wrong? If not completely wrong: Can I disable the shell for "daemon" and "www-data" without having side effects (e.g. the system wont start or the Apache PHP cannot excute system calls)? Thanks for your hints!