The idea is that if you can't login, then cracking the OpenACS user's login via some as-yet unknown hack is less useful. <P>Once the attacker has a local login on the machine, they will try to gain root privileges through what is usually called a "local exploit".<P>I don't know which part of the docs you are referring to; but usually you would set the user's login shell to be /bin/false or some other non-shell value, in addition to setting a non-usable password (usually done by putting a * in the appropriate field of /etc/passwd or /etc/shadow).
