Date: Wed, 21 Apr 2010 16:40:05 GMT From: Lowell Gilbert <freebsd-bugs-local@be-well.ilk.org> To: freebsd-bugs@FreeBSD.org Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells Message-ID: <201004211640.o3LGe5iK020835@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/145887; it has been noted by GNATS. From: Lowell Gilbert <freebsd-bugs-local@be-well.ilk.org> To: Paul Hoffman <phoffman@proper.com> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells Date: Wed, 21 Apr 2010 12:31:03 -0400 Paul Hoffman <phoffman@proper.com> writes: > If adduser offers it as a shell, it should be listed in /etc/shells; otherwise, this kind of error will nail admins. This is exactly what nologin is for. I wouldn't want to see all of the daemon-owning accounts starting to pass getusershell(3). > If it is decided not add /usr/sbin/nologin to /etc/shells, I propose that if someone tells adduser that that is a user's shell, adduser should have a warning that tells the admin that the shell they are adding is not in /etc/shells. It does have code for to disallow shells that aren't in /etc/shells or don't exist, but makes a special case for nologin (on the theory that that's the whole purpose of nologin). I suppose adding such a warning into the shell_exists() function would be okay, but I'm not sure what it would say. The usual way to handle your issue is to adjust the procmail configuration, not the account's shell. I think that setting SHELL to something useful (presumably /bin/sh) in the user's .procmailrc (or I think you could even put this in /usr/local/etc/procmailrc) would do the job. >>How-To-Repeat: > Look at the default /etc/shells >>Fix: > Add /usr/sbin/nologin to /etc/shells. How about changing adduser.sh along the lines of: 175a176,177 > else > info "if you want procmail to work with nologin > shell, adjust .procmailrc accordingly" [
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004211640.o3LGe5iK020835>