In fact I do. And less than 1% of those servers have anything like that setup. Because people won't pay for completely useless webhosting (suprise!).
"Not sure where you got the whole nologin idea from. Not sure why you're talking about linux misconceptions. The "subject at hand" was an OSX server where they allowed ssh, which is certainly a whole lot more access than CGI on a jailed or chrooted suid nobody http account - even with CGI access."
But its exactly the same amount of access as > 99% of webhosting companies give you. Which is what I said.
"Like I said: there are thousands of OSX machines on the net right now. Acting as servers. One of them vended ssh access and got hacked. The other thousands are doing just fine."
Like I said, supplying web hosting for people is something anyone should reasonably expect to be able to do with a unix machine. OS X has lots of local root exploits which make it impossible to safely provide web hosting for people (serving up only static files is not webhosting anyone will pay for). Pretending local root exploits don't matter because "people shouldn't have shell access" is rediculous. There's legitimate reasons to have local users. And besides that, local root exploit + remote non-priviledged exploit = remote root.