cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron
Makefile cron.8 cron.h database.c do_command.c
src/usr.sbin/cron/lib Makefile entry.c
Yar Tikhiy
yar at comp.chem.msu.su
Mon Jun 18 10:06:55 UTC 2007
On Mon, Jun 18, 2007 at 05:54:22PM +0800, LI Xin wrote:
> LI Xin wrote:
> > Hi,
> >
> > Yar Tikhiy wrote:
> >> yar 2007-06-17 17:25:53 UTC
> >>
> >> FreeBSD src repository
> >>
> >> Modified files:
> >> etc/pam.d Makefile
> >> usr.sbin/cron/cron Makefile cron.8 cron.h database.c
> >> do_command.c
> >> usr.sbin/cron/lib Makefile entry.c
> >> Added files:
> >> etc/pam.d cron
> >> Log:
> >> Add PAM support to cron(8). Now cron(8) will skip commands scheduled
> >> by unavailable accounts, e.g., those locked, expired, not allowed in at
> >> the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
> >> This applies to personal crontabs only, /etc/crontab is unaffected.
> >
> > This will silently break a lot of ports, for instance mail/mailman,
> > which creates nologin(5) users with crontab entry. Can we for now
> > (because we are near a new release) try not disabling nologin(5) users,
> > and discuss a better solution?
> >
> > A possible alternative is to make a pam_ftpusers(8) alike PAM module
> > which is marked as "sufficient" and explicitly pass /var/cron/allow
> > users (especially ports) to override the policy.
>
> Thanks to ru@, I should have noticed that nologin(5) is different from
> nologin(8) and this would not affect ports installations.
>
> Sorry for the confusion.
Thank you for raising this issue! It clearly deserved an explanation.
--
Yar
More information about the cvs-src
mailing list