[Pkg-shadow-devel] Bug#410221: noshell: obsoleted by nologin?

Justin Pryzby justinpryzby at users.sourceforge.net
Thu Feb 8 18:18:38 CET 2007

Package: noshell
Severity: minor
X-Debbugs-Cc: login at packages.debian.org, login at packages.qa.debian.org

The essential package "login" now includes /usr/sbin/nologin, which is
essentially the same as noshell.  Assuming it is here to stay [0], I
would suggest to have the noshell binary package removed from the
archive (but perhaps move the binary/manpage to the "titantools"

[0] login maintainers, can you comment?

If you agree, I wonder if it is reasonable for login to conflict+replace
noshell?  It could provide a symlink so that systems using noshell keep
getting login attempts logged.

BTW: /etc/shells seems to not be consulted, inconsistent with
README.Debian.  It seems its use is just for input checking with chsh,
and then only when run by e normal user.  Also see shells(5):

       Be aware that there are programs which consult this file to find out if
       a user is a normal  user.  E.g.:  ftp  daemons  traditionally  disallow
       access to users with shells not included in this file.

As such, I would recommend *not* putting no{login,shell} there, since it
is unnecessary, and since one takes the risk of an ftp program
considering them to be valid shells, and allowing access when it should
not.  You might consider adding a postinst check:

  if grep -Fx "$f" "$l" >/dev/null; then
	echo "$0: warning: $l contains an entry for $f;"
	echo "see /usr/share/doc/noshell/README.Debian"
  fi >&2

More information about the Pkg-shadow-devel mailing list