conf/145887: /usr/sbin/nologin should be in the default /etc/shells

[Paul Hoffman]

>Number:         145887
>Category:       conf
>Synopsis:       /usr/sbin/nologin should be in the default /etc/shells
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 20 15:10:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Paul Hoffman
>Release:        8.0
>Organization:
>Environment:
FreeBSD hoffman.proper.com 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 16:02:27 UTC 2010     root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
I just migrated to a new machine, and a bunch of mail was bounced until it was reported to me by the users. It turns out that procmail won't copy mail to a file unless the user's default shell is listed in /etc/shells. However, /usr/sbin/nologn (which is what many of us use for mail-only users) is not in /etc/shells by default, even though it is offered as a shell by adduser.

If adduser offers it as a shell, it should be listed in /etc/shells; otherwise, this kind of error will nail admins.

If it is decided not add /usr/sbin/nologin to /etc/shells, I propose that if someone tells adduser that that is a user's shell, adduser should have a warning that tells the admin that the shell they are adding is not in /etc/shells.
>How-To-Repeat:
Look at the default /etc/shells
>Fix:
Add /usr/sbin/nologin to /etc/shells.

>Release-Note:
>Audit-Trail:
>Unformatted: