From: Paul Hoffman
To: Lowell Gilbert
Cc: freebsd-bugs@freebsd.org
Date: Thu, 29 Apr 2010 10:00:56 -0700
Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells

At 11:20 AM -0400 4/29/10, Lowell Gilbert wrote:
>I haven't been doing a very good job explaining myself. Maybe someone
>else will (eventually) do a better job. Or whap me in the head for
>being wrong...
>
>Paul Hoffman writes:
>
>> The problem is that many servers in the ports collection (such as mail access programs like qpoper) will only let clients connect if the client has a shell that is listed in /etc/shells. From a security standpoint, it would be obviously better to give these users the ability to act as clients but not to be able to log in using the shells that are listed by default (sh, csh, or tcsh).
>>
>> It sounds like you are suggesting that these users should be given a *different* shell, and that shell be added to /etc/shells. Why would that be any better than adding /usr/sbin/nologin to /etc/shells?
>
>Exactly right. The reason it's better is that you wouldn't be opening
>up existing nologin users to be able to receive mail, FTP in, and so
>on. It's okay if you want to do that on your box, but doing it by
>default would be an unreasonable breach of the so-called "Principle of
>Least Astonishment," and one involving potential security problems at
>that.

I can buy that, but then there should be two shells, not one:

- /usr/sbin/sysnologin is not listed by default in /etc/shells
- /usr/sbin/nologin is listed by default in /etc/shells

The two are the exact same program; the only differences are the name and the inclusion.

Do others agree on this thought?
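
The trade-off debated in this message, as an added example that is not part of the original e-mail or of FreeBSD: a small audit that reports which accounts would start passing an /etc/shells membership check if a given shell were added to the file. The passwd and shells contents, the `mailonly` path and all function names are constructed for illustration.

```python
# Added example; SHELLS, PASSWD and MAIL_ONLY are constructed sample data.
MAIL_ONLY = "/usr/local/sbin/mailonly"  # hypothetical separate no-login shell
SHELLS = """# constructed /etc/shells with only the default shells
/bin/sh
/bin/csh
/bin/tcsh
"""
PASSWD = """root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/tcsh
popuser:*:1002:1002:Mail only:/home/popuser:/usr/sbin/nologin
"""
# Variant where only the mail-only account is moved to the separate shell.
PASSWD_SPLIT = PASSWD.replace("/home/popuser:/usr/sbin/nologin",
                              "/home/popuser:" + MAIL_ONLY)

def parse_shells(text):
    """Return the set of shell paths in /etc/shells-format text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line.startswith("/"):
            shells.add(line)
    return shells

def accepted_users(passwd_text, shells):
    """Users whose login shell passes a membership check against shells."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment, blank or malformed entry
        shell = fields[-1] or "/bin/sh"  # empty shell field means /bin/sh
        if shell in shells:
            users.add(fields[0])
    return users

def newly_accepted(passwd_text, shells_text, added_shell):
    """Accounts that pass the check only after added_shell is listed."""
    before = parse_shells(shells_text)
    after = before | {added_shell}
    return sorted(accepted_users(passwd_text, after)
                  - accepted_users(passwd_text, before))

if __name__ == "__main__":
    # Listing nologin admits every nologin account, system ones included.
    print(newly_accepted(PASSWD, SHELLS, "/usr/sbin/nologin"))
    # Listing a separate shell admits only accounts deliberately given it.
    print(newly_accepted(PASSWD_SPLIT, SHELLS, MAIL_ONLY))
```

Running the same functions over a host's real passwd and shells files before changing /etc/shells shows the exact set of accounts whose access to shell-gated services would change.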