[Pkg-shadow-devel] Bug#433587: Bug#433587: request to add /usr/sbin/nologin to /etc/shells

Wed Jul 18 07:05:35 UTC 2007

On 18 Jul 2007, Christian Perrier wrote:
> At first reaction, I am not very keen at doing this *by default*. 
> 
> nologin is intended as a replacement shell field for accounts that
> have been disabled. So, making it a valid shell defeats that. 
> 
> I recommend you to do it manually locally with add-shell(8)
> 
> Other shadow maintainers, do we have an agreement, here?

        Well, I did add it manually of course to work around the
issue.  But I think this is the exact type of situation where it
should be defined as a valid shell in /etc/shells.

        The reason to not include it would be if there is a
security situation where having it defined allows some other
unintended level of access.  If such a situation exists, then I
can understand not having it in the list.  I just wasn't aware of
any such situation whereas I clearly ran across the opposite with
vsftpd.

        Maybe including it as a debconf item would be the best
option?  Or maybe an informational notice of some kind?

        But it's whatever.  I just ran across this one situation
where it should be defined and thought that it might be something
to consider.  Thanks for thinking about it.

-- 
Mark Nipper                                                e-contacts:
4320 Milam Street                                   nipsy at bitgnome.net
Bryan, Texas 77801-3920                     http://nipsy.bitgnome.net/
(979)575-3193                      AIM/Yahoo: texasnipsy ICQ: 66971617

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GG/IT d- s++:+ a- C++$ UBL++++$ P--->+++ L+++$ !E---
W++(--) N+ o K++ w(---) O++ M V(--) PS+++(+) PE(--)
Y+ PGP t+ 5 X R tv b+++@ DI++ D+ G e(*) h r(%) y+(**)
------END GEEK CODE BLOCK------

---begin random quote of the moment---
As a computer, I find your faith in technology amusing.
----end random quote of the moment----