Date:      Mon, 18 Jun 2007 17:54:22 +0800
From:      LI Xin <delphij@delphij.net>
To:        Yar Tikhiy <yar@FreeBSD.ORG>
Cc:        cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib Makefile entry.c
Message-ID:  <4676564E.6060105@delphij.net>
In-Reply-To: <46764262.1060408@delphij.net>
References:  <200706171725.l5HHPr2c092609@repoman.freebsd.org> <46764262.1060408@delphij.net>

LI Xin wrote:
> Hi,
>
> Yar Tikhiy wrote:
>> yar         2007-06-17 17:25:53 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     etc/pam.d            Makefile
>>     usr.sbin/cron/cron   Makefile cron.8 cron.h database.c
>>                          do_command.c
>>     usr.sbin/cron/lib    Makefile entry.c
>>   Added files:
>>     etc/pam.d            cron
>>   Log:
>>   Add PAM support to cron(8).  Now cron(8) will skip commands scheduled
>>   by unavailable accounts, e.g., those locked, expired, not allowed in at
>>   the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
>>   This applies to personal crontabs only, /etc/crontab is unaffected.
>
> This will silently break a lot of ports, for instance mail/mailman,
> which creates nologin(5) users with crontab entry.  Can we for now
> (because we are near a new release) try not disabling nologin(5) users,
> and discuss a better solution?
>
> A possible alternative is to make a pam_ftpusers(8)-like PAM module
> which is marked as "sufficient" and explicitly pass /var/cron/allow
> users (especially ports) to override the policy.

Thanks to ru@, I should have noticed that nologin(5) is different from
nologin(8) and this would not affect ports installations.

Sorry for the confusion.

Cheers,
-- 
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!

