conf/145887: /usr/sbin/nologin should be in the default
phoffman at proper.com
Thu Apr 29 17:01:09 UTC 2010
At 11:20 AM -0400 4/29/10, Lowell Gilbert wrote:
>I haven't been doing a very good job explaining myself. Maybe someone
>else will (eventually) do a better job. Or whap me in the head for
>Paul Hoffman <phoffman at proper.com> writes:
>> The problem is that many servers in the ports collection (such as mail access programs like qpoper) will only let clients connect if the client has a shell that is listed in /etc/shells. From a security standpoint, it would be obviously better to give these users the ability to act as clients but not to be able to log in using the shells that are listed by default (sh, csh, or tcsh).
>> It sounds like you are suggesting that these users should be given a *different* shell, and that shell be added to /etc/shells. Why would that be any better than adding /usr/sbin/nologin to /etc/shells?
>Exactly right. The reason it's better is that you wouldn't be opening
>up existing nologin users to be able to receive mail, FTP in, and so
>on. It's okay if you want to do that on your box, but doing it by
>default would be an unreasonable breach of the so-called "Principle of
>Least Astonishment," and one involving potential security problems at
I can buy that, but then there should be two shells, not one:
- /usr/sbin/sysnologin is not listed by default in /etc/shells
- /usr/sbin/nologin is listed by default in /etc/shells
The two are the exact same program; the only differences are the name and the inclusion.
Do others agree on this thought?
More information about the freebsd-bugs