From owner-cvs-src@FreeBSD.ORG Mon Jun 18 10:06:55 2007 Return-Path: X-Original-To: cvs-src@FreeBSD.ORG Delivered-To: cvs-src@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C8A0D16A468; Mon, 18 Jun 2007 10:06:55 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.freebsd.org (Postfix) with ESMTP id 438B013C45D; Mon, 18 Jun 2007 10:06:53 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.13.4/8.13.4) with ESMTP id l5IA6NSJ008749; Mon, 18 Jun 2007 14:06:23 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.13.4/8.13.4/Submit) id l5IA6N5a008748; Mon, 18 Jun 2007 14:06:23 +0400 (MSD) (envelope-from yar) Date: Mon, 18 Jun 2007 14:06:22 +0400 From: Yar Tikhiy To: LI Xin Message-ID: <20070618100622.GV30493@comp.chem.msu.su> References: <200706171725.l5HHPr2c092609@repoman.freebsd.org> <46764262.1060408@delphij.net> <4676564E.6060105@delphij.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4676564E.6060105@delphij.net> User-Agent: Mutt/1.5.9i Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib Makefile entry.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jun 2007 10:06:55 -0000 On Mon, Jun 18, 2007 at 05:54:22PM +0800, LI Xin wrote: > LI Xin wrote: > > Hi, > > > > Yar Tikhiy wrote: > >> yar 2007-06-17 17:25:53 UTC > >> > >> FreeBSD src repository > >> > >> Modified files: > >> etc/pam.d Makefile > >> usr.sbin/cron/cron Makefile cron.8 cron.h database.c > >> do_command.c > >> usr.sbin/cron/lib Makefile entry.c > >> Added files: > >> etc/pam.d cron > >> Log: > >> Add PAM support to cron(8). Now cron(8) will skip commands scheduled > >> by unavailable accounts, e.g., those locked, expired, not allowed in at > >> the moment by nologin(5), or whatever, depending on cron's pam.conf(5). > >> This applies to personal crontabs only, /etc/crontab is unaffected. > > > > This will silently break a lot of ports, for instance mail/mailman, > > which creates nologin(5) users with crontab entry. Can we for now > > (because we are near a new release) try not disabling nologin(5) users, > > and discuss a better solution? > > > > A possible alternative is to make a pam_ftpusers(8) alike PAM module > > which is marked as "sufficient" and explicitly pass /var/cron/allow > > users (especially ports) to override the policy. > > Thanks to ru@, I should have noticed that nologin(5) is different from > nologin(8) and this would not affect ports installations. > > Sorry for the confusion. Thank you for raising this issue! It clearly deserved an explanation. -- Yar