From owner-freebsd-current Sun Jan 28 20:54:18 2001
Message-Id: <200101290453.f0T4roq13148@whizzo.transsys.com>
To: "Jacques A. Vidrine"
Cc: "Steve O'Hara-Smith" , current@FreeBSD.ORG
From: "Louis A. Mamakos"
Subject: Re: /etc/shells #include syntax support patch
References: <20010128101349.2c94539f.steveo@eircom.net> <20010128190227.B25222@spawn.nectar.com>
In-reply-to: Your message of "Sun, 28 Jan 2001 19:02:27 CST." <20010128190227.B25222@spawn.nectar.com>
Date: Sun, 28 Jan 2001 23:53:50 -0500

> On Sun, Jan 28, 2001 at 10:13:49AM +0100, Steve O'Hara-Smith wrote:
> > Hi,
> >
> > Asbestos suit on, round two.
> >
> > The patch below changes getusershell to support a #include syntax
> > in /etc/shells.
>
> I guess this is what I object to. I don't particularly like having a
> new directive in a configuration file which lots of applications read
> directly.
>
> I would rather that a separate configuration file be read, for example,
> with a list of shells(5) format files to consult.
>
> In current, this could be an optional thing, activated in nsswitch.conf,
> e.g. make a ports source for shells, and activate it with:
>     shells: files ports
>
> or whatever you would like to call the source.

Does this capability really need to exist (e.g., supporting many files)?
It would seem like the additional complexity would be not what you want
for what's essentially a security policy mechanism. Who gets to own
these included files? What should their permissions be allowed to be?
It doesn't seem unreasonable to have a single file with a list of
allowable shells.

Is this #include capability going to be added for other files that ports
modify such as /etc/master.passwd and /etc/group?

I dunno; maybe it's just me, but this really seems like a solution way
out of proportion to the "problem".

louie