[Pkg-shadow-devel] Re: Bug#366545: pidentd: [security] use /bin/nologin instead of /bin/false in /etc/passwd

Jari Aalto jari.aalto at cante.net
Mon Jun 19 07:14:29 UTC 2006


| On Tue, May 09, 2006 at 06:38:07PM +0300, Jari Aalto wrote:
| >
| >File /etc/passwd contains:
| >
| >  identd:x:100:65534::/var/run/identd:/bin/false
| >
| >SUGGESTION
| >
| >New login package includes binary nologin which provides better
| >security audition compared to /bin/false, because it logs attempts to
| >/etc/syslog. Please change to use 'nologin' in place of 'false'
| 
| The login package in unstable has /usr/bin/nologin, not /bin/nologin
| which is a problem for systems that may not be able to mount the
| /usr file system.
| 
| Also, /usr/bin/nologin at this point in time, is not provided by
| the stable and testing versions of the login Debian package.

To Shadow list: please consider moving:

  /usr/bin/nologin   => /bin/nologin

so that other packages could start using 'nologin' instead of the current
/bin/false.

Jari
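
The two concerns raised in this thread (a /bin/false shell refuses the login without logging it, and a nologin under /usr depends on /usr being mounted) can be checked across a passwd file. The script below is an added example, not part of the original message or of the shadow package; the function names, the finding labels, and the sample accounts other than the identd line are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_shells [FILE...]
# Reads passwd-format lines (from FILE, or stdin when no FILE is given) and
# prints "<user> <shell> <finding>" for accounts with a non-login shell.
# Finding labels (hypothetical, chosen for this example):
#   silent     shell is "false": login is refused, nothing is logged
#   under-usr  nologin lives under /usr, which may not be mounted
#   ok         nologin located outside /usr
audit_shells() {
    awk -F: '
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        {
            shell = $7
            n = split(shell, parts, "/")
            base = parts[n]          # program name without directory
            if (base != "false" && base != "nologin") next
            finding = "ok"
            if (base == "false")
                finding = "silent"
            else if (shell ~ /^\/usr\//)
                finding = "under-usr"
            print $1, shell, finding
        }
    ' "$@"
}

# Constructed sample input: the identd line is the one quoted in the
# report, the other accounts are made up for the example.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
identd:x:100:65534::/var/run/identd:/bin/false
svc1:x:101:65534::/nonexistent:/usr/bin/nologin
svc2:x:102:65534::/nonexistent:/bin/nologin
EOF
}

sample_passwd | audit_shells
```

On a real system the function can be pointed at the live file with `audit_shells /etc/passwd`.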


