svn commit: r53262 - in head/en_US.ISO8859-1/books/handbook: network-servers security

Sergey Kandaurov pluknet at FreeBSD.org
Thu Jul 18 11:31:36 UTC 2019 

Author: pluknet
Date: Thu Jul 18 11:31:35 2019
New Revision: 53262
URL: https://svnweb.freebsd.org/changeset/doc/53262

Log:
  Consistent use of /usr/sbin/nologin.
  
  PR:		239121

Modified:
  head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
  head/en_US.ISO8859-1/books/handbook/security/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Wed Jul 17 07:12:10 2019	(r53261)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Thu Jul 18 11:31:35 2019	(r53262)
@@ -1802,19 +1802,19 @@ nis_client_enable="YES"</programlisting>
 	<screen>basie&prompt.root; <userinput>cat /etc/master.passwd</userinput>
 root:[password]:0:0::0:0:The super-user:/root:/bin/csh
 toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
-daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
-operator:*:2:5::0:0:System &:/:/sbin/nologin
-bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
-tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
-kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
-games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
-news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
-man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
-bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
+daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/usr/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
 uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
-xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
-pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
-nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/usr/sbin/nologin
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
 -bill:::::::::
 +:::::::::
 
@@ -2075,18 +2075,18 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.by
 	user entries without allowing them to login into the servers.
 	This can be achieved by adding an extra line:</para>
 
-      <programlisting>+:::::::::/sbin/nologin</programlisting>
+      <programlisting>+:::::::::/usr/sbin/nologin</programlisting>
 
       <para>This line configures the client to import all entries but
 	to replace the shell in those entries with
-	<filename>/sbin/nologin</filename>.</para>
+	<filename>/usr/sbin/nologin</filename>.</para>
 
       <!-- Been there, done that, got the scars to prove it - ue -->
       <para>Make sure that extra line is placed
 	<emphasis>after</emphasis>
 	<literal>+ at IT_EMP:::::::::</literal>.  Otherwise, all user
 	accounts imported from <acronym>NIS</acronym> will have
-	<filename>/sbin/nologin</filename> as their login
+	<filename>/usr/sbin/nologin</filename> as their login
 	shell and no one will be able to login to the system.</para>
 
       <para>To configure the less important servers, replace the old
@@ -2095,14 +2095,14 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.by
 
       <programlisting>+ at IT_EMP:::::::::
 + at IT_APP:::::::::
-+:::::::::/sbin/nologin</programlisting>
++:::::::::/usr/sbin/nologin</programlisting>
 
       <para>The corresponding lines for the workstations
 	would be:</para>
 
       <programlisting>+ at IT_EMP:::::::::
 + at USERS:::::::::
-+:::::::::/sbin/nologin</programlisting>
++:::::::::/usr/sbin/nologin</programlisting>
 
       <para>NIS supports the creation of netgroups from other
 	netgroups which can be useful if the policy regarding user
@@ -2134,12 +2134,12 @@ USERBOX   IT_EMP  ITINTERN USERS</programlisting>
 	system contains two lines starting with <quote>+</quote>.
 	The first line adds a netgroup with the accounts allowed to
 	login onto this machine and the second line adds all other
-	accounts with <filename>/sbin/nologin</filename> as shell.  It
-	is recommended to use the <quote>ALL-CAPS</quote> version of
-	the hostname as the name of the netgroup:</para>
+	accounts with <filename>/usr/sbin/nologin</filename> as shell.
+	It is recommended to use the <quote>ALL-CAPS</quote> version
+	of the hostname as the name of the netgroup:</para>
 
       <programlisting>+@<replaceable>BOXNAME</replaceable>:::::::::
-+:::::::::/sbin/nologin</programlisting>
++:::::::::/usr/sbin/nologin</programlisting>
 
       <para>Once this task is completed on all the machines, there is
 	no longer a need to modify the local versions of

Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Wed Jul 17 07:12:10 2019	(r53261)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Thu Jul 18 11:31:35 2019	(r53262)
@@ -191,7 +191,7 @@
       <screen>&prompt.root; <userinput>pw lock <replaceable>toor</replaceable></userinput></screen>
 
       <para>The second method is to prevent login access by changing
-	the shell to <filename>/sbin/nologin</filename>.  Only the
+	the shell to <filename>/usr/sbin/nologin</filename>.  Only the
 	superuser can change the shell for other users:</para>
 
       <screen>&prompt.root; <userinput>chsh -s /usr/sbin/nologin <replaceable>toor</replaceable></userinput></screen>

More information about the svn-doc-head mailing list