conf/145887: /usr/sbin/nologin should be in the default
/etc/shells
Lowell Gilbert
freebsd-bugs-local at be-well.ilk.org
Wed Apr 21 16:40:05 UTC 2010
The following reply was made to PR conf/145887; it has been noted by GNATS.
From: Lowell Gilbert <freebsd-bugs-local at be-well.ilk.org>
To: Paul Hoffman <phoffman at proper.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells
Date: Wed, 21 Apr 2010 12:31:03 -0400
Paul Hoffman <phoffman at proper.com> writes:
> If adduser offers it as a shell, it should be listed in /etc/shells; otherwise, this kind of error will nail admins.
This is exactly what nologin is for. I wouldn't want to see all of the
daemon-owning accounts starting to pass getusershell(3).
> If it is decided not add /usr/sbin/nologin to /etc/shells, I propose that if someone tells adduser that that is a user's shell, adduser should have a warning that tells the admin that the shell they are adding is not in /etc/shells.
It does have code for to disallow shells that aren't in /etc/shells or
don't exist, but makes a special case for nologin (on the theory that
that's the whole purpose of nologin). I suppose adding such a warning
into the shell_exists() function would be okay, but I'm not sure what it
would say.
The usual way to handle your issue is to adjust the procmail
configuration, not the account's shell. I think that setting SHELL to
something useful (presumably /bin/sh) in the user's .procmailrc (or I
think you could even put this in /usr/local/etc/procmailrc) would do the
job.
>>How-To-Repeat:
> Look at the default /etc/shells
>>Fix:
> Add /usr/sbin/nologin to /etc/shells.
How about changing adduser.sh along the lines of:
175a176,177
> else
> info "if you want procmail to work with nologin
> shell, adjust .procmailrc accordingly"
[
More information about the freebsd-bugs
mailing list