Date: Fri, 26 Feb 99 13:21:42 -0800 From: Rahul Dhesi <dhesi@rahul.net> To: freebsd-current@FreeBSD.ORG Subject: Re: please don't check mail for root logins Message-ID: <199902262121.AA05324@waltz.rahul.net> In-Reply-To: Message from Ollivier Robert <roberto@keltia.freenix.fr> of Thu, 25 Feb 99 21:31:36 %2B0100
next in thread | previous in thread | raw e-mail | index | archive | help
I believe you are right about login.conf being used. But let me describe in more detail the problems I encountered with sshd. From sshd.c: /* Check if .hushlogin exists. Note that we cannot use userfile here because we are in the child. */ sprintf(line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); #endif The above code sets quiet_login based on the existence of a .hushlogin file, then loses that value and sets it again from login_getcapbool, thus effectively ignoring any .hushlogin file. I tried to fix this error by changing the last assignment above to: quiet_login |= login_getcapbool(lc, "hushlogin", quiet_login); Once I did this, sshd did detect the presence of a .hushlogin file, but then it would abort with a signal (don't remember which signal), which prevented anybody from logging in who had a .hushlogin file. At this point I undid the UserLogin feature and reverted to using sshd in its native mode. Relying on login.conf to have root's mail not checked seems promising. But it seems to me that not checking root's mail ought to be the default everywhere -- in login.conf, in sshd, and in /bin/login. When the user discovers that he can't log in as root to fix a problem, it's already too late to be going back and changing the defaults. And root's mail should always be forwarded to a non-root user anyway. Rahul > Date: Thu, 25 Feb 99 21:31:36 +0100 > From: Ollivier Robert <roberto@keltia.freenix.fr> > To: freebsd-current@FreeBSD.ORG > Message-Id: <19990225213136.B12474@keltia.freenix.fr> > Subject: Re: please don't check mail for root logins > According to Rahul Dhesi: > > Good idea, thanks, and I now realize that it won't work, and neither > > will changing /bin/login -- because sshd does not seem to honor either > > one. > > The sshd in ports should honor the login.conf stuff. One of the patches > adds FreeBSD as a target with login_cap.h. > > Look into patch-af in sshd/patches. > -- > Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr > FreeBSD keltia.freenix.fr 3.0-CURRENT #69: Mon Jan 18 02:02:12 CET 1999 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902262121.AA05324>