Bug in PW

Richard Caley rjc at interactive.co.uk
Wed Jun 16 09:14:07 GMT 2004


I thin this exists in both -STABLE and -CURRENT, but I don't have a
bang up to date instalation of either, so appologies if it has been
fixed.

Tested on 5.2.1 and 4.8. may have some security implications in that
someone may think they have changed a shell (eg to /nonexistant) but
they haven't really.

Apparently, supplying -d EXITING_HOME_DIR stops -s from setting the
shell. 

        # finger fred
        Login: fred                           Name: Fred Flintstone
        Directory: /home/fred                 Shell: /usr/local/bin/bash
        Never logged in.
        No Mail.
        No Plan.

	# pw usermod fred -s /bin/sh -d /home/fred

	# finger fred
        Login: fred                           Name: Fred Flintstone
        Directory: /home/fred                 Shell: /usr/local/bin/bash
        Never logged in.
        No Mail.
        No Plan.

(ie no change)

    # pw usermod fred -s /bin/sh

    # finger fred
        Login: fred                           Name: Fred Flintstone
        Directory: /home/fred                 Shell: /bin/sh
        Never logged in.
        No Mail.
        No Plan.

(now we have changed)

        # pw usermod fred -s /usr/local/bin/bash -d /home/fred2
        pw: WARNING: home `/home/fred2' does not exist

        # finger fred
        Login: fred                           Name: Fred Flintstone
        Directory: /home/fred2                Shell: /usr/local/bin/bash
        Never logged in.
        No Mail.
        No Plan.
     
(ie setting a different home allows the shell to change)

Looks like an over-enthusiastic `if' in the code to me.

-- 
rjc at interactive.co.uk				_O_
						 |<



More information about the freebsd-stable mailing list