[Bug 28223] su(1) doesn't look at login.conf all the time

bugzilla-noreply at freebsd.org
Fri Aug 22 02:05:09 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=28223

--- Comment #7 from ta0kira at gmail.com ---
This can be handled with "nologin" in login.conf, without needing to modify
su(1) (in 10.0-RELEASE, anyway.) On the other hand, it might be useful for su
to check "shell" for the login class, since it doesn't do so even with -l. So,
rather than it being used for login enforcement, I think it should be taken
into account only if -l is used, with login enforcement attained via other
means.

As far as I can tell, "shell" has no special meaning (see login_cap(3); it's
not mentioned anywhere), other than that login.access(5) mentions it, i.e.,
it's up to individual programs to check for "shell". It looks like login(1) and
sshd(8) are the only base components that do anything with "shell". It seems
that in general it's not actually supported, and it therefore probably
shouldn't be relied on for things like login enforcement.

-- 
You are receiving this mail because:
You are the assignee for the bug.
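
An added example, not part of the original comment or of FreeBSD's code: because the comment notes that "shell" only matters to programs that choose to check it, this sketch resolves each class in a login.conf-style file (getcap(3) syntax with tc= inheritance) and lists classes that set "shell" but no "nologin". The sample database, class names and paths are constructed, and escaped colons inside values are not handled.

```python
import re

# Constructed sample in login.conf(5) / getcap(3) syntax; names and paths are made up.
SAMPLE = r"""
default:\
    :path=/sbin /bin /usr/sbin /usr/bin:\
    :umask=022:
restricted:\
    :shell=/usr/local/bin/menu:\
    :tc=default:
locked:\
    :nologin=/var/run/nologin.locked:\
    :tc=restricted:
staff:\
    :shell@:\
    :tc=restricted:
"""

def parse(text):
    """Return {class name: [capability strings]} after joining continuation lines."""
    classes = {}
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names, *caps = line.split(":")
            for name in names.split("|"):
                classes[name] = [c.strip() for c in caps if c.strip()]
    return classes

def resolve(classes, name, seen=()):
    """Flatten one class: first definition wins, 'cap@' cancels, tc= pulls in a parent."""
    seen, caps = seen + (name,), {}
    for cap in classes.get(name, []):
        key, op, val = re.match(r"([^=#@]+)([=#@]?)(.*)", cap).groups()
        if key == "tc" and op == "=":
            if val not in seen:  # guard against tc= loops
                for k, v in resolve(classes, val, seen).items():
                    caps.setdefault(k, v)
        elif key not in caps:
            caps[key] = None if op == "@" else (val if op else True)
    return caps

def audit(text):
    """Per class, the effective 'shell' and 'nologin' values (None = unset or cancelled)."""
    classes = parse(text)
    return {n: {c: resolve(classes, n).get(c) for c in ("shell", "nologin")} for n in classes}

def shell_only(report):
    """Classes that set 'shell' but have no 'nologin' to back up login enforcement."""
    return sorted(n for n, r in report.items() if r["shell"] and not r["nologin"])

if __name__ == "__main__":
    print(audit(SAMPLE), shell_only(audit(SAMPLE)))
```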

