[Pkg-shadow-devel] Bug#410221: noshell: obsoleted by nologin?
Justin Pryzby
justinpryzby at users.sourceforge.net
Thu Feb 8 18:18:38 CET 2007
Package: noshell
Severity: minor
X-Debbugs-Cc: login at packages.debian.org, login at packages.qa.debian.org
The essential package "login" now includes /usr/sbin/nologin, which is
essentially the same as noshell. Assuming it is here to stay [0], I
would suggest to have the noshell binary package removed from the
archive (but perhaps move the binary/manpage to the "titantools"
package?).
[0] login maintainers, can you comment?
If you agree, I wonder if it is reasonable for login to conflict+replace
noshell? It could provide a symlink so that systems using noshell keep
getting login attempts logged.
BTW: /etc/shells seems to not be consulted, inconsistent with
README.Debian. It seems its use is just for input checking with chsh,
and then only when run by a normal user. Also see shells(5):

    Be aware that there are programs which consult this file to find out if
    a user is a normal user. E.g.: ftp daemons traditionally disallow
    access to users with shells not included in this file.

As such, I would recommend *not* putting no{login,shell} there, since it
is unnecessary, and since one takes the risk of an ftp program
considering them to be valid shells, and allowing access when it should
not. You might consider adding a postinst check:

    f=/sbin/noshell
    l=/etc/shells
    if grep -Fx "$f" "$l" >/dev/null; then
        echo "$0: warning: $l contains an entry for $f;"
        echo "see /usr/share/doc/noshell/README.Debian"
    fi >&2
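
Added example, not part of the original message or of the noshell package: a POSIX sh audit that extends the postinst check above to both paths named in the message and cross-references a passwd file, reporting accounts whose non-login shell is also listed in the shells file. The function names, and the choice of /usr/sbin/nologin and /sbin/noshell as the set of non-login shells, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the noshell or login packages).
# Non-login shells to look for; both paths are the ones named in the message.
NOLOGIN_SHELLS="/usr/sbin/nologin /sbin/noshell"

# listed_nologin_shells SHELLS_FILE
# Print each non-login shell that appears as an entry in SHELLS_FILE.
# '#' comments and trailing whitespace are stripped before the exact match.
listed_nologin_shells() {
    for s in $NOLOGIN_SHELLS; do
        if sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" | grep -Fxq "$s"; then
            printf '%s\n' "$s"
        fi
    done
}

# exposed_accounts SHELLS_FILE PASSWD_FILE
# Print login names whose shell (passwd field 7) is a non-login shell that
# SHELLS_FILE lists. A program that treats "shell is in the shells file"
# as "normal user" would accept these accounts.
exposed_accounts() {
    listed=$(listed_nologin_shells "$1" | tr '\n' ' ')
    [ -n "$listed" ] || return 0
    awk -F: -v listed="$listed" '
        BEGIN { n = split(listed, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        ($7 in bad) { print $1 }
    ' "$2"
}

# audit [SHELLS_FILE [PASSWD_FILE]]
# Warn on stderr and return 1 if any non-login shell is listed, else return 0.
audit() {
    shells=${1:-/etc/shells}
    passwd=${2:-/etc/passwd}
    found=$(listed_nologin_shells "$shells")
    [ -z "$found" ] && return 0
    for s in $found; do
        echo "warning: $shells contains an entry for $s" >&2
    done
    for u in $(exposed_accounts "$shells" "$passwd"); do
        echo "warning: account $u has a shell listed in $shells" >&2
    done
    return 1
}
```

Calling `audit` with no arguments checks /etc/shells against /etc/passwd; passing two file names checks copies instead.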