[Pkg-shadow-devel] Bug#433587: Bug#433587: request to add /usr/sbin/nologin to /etc/shells

Justin Pryzby jpryzby at quoininc.com
Wed Jul 18 12:33:59 UTC 2007

On Wed, Jul 18, 2007 at 02:05:35AM -0500, Mark Nipper wrote:
> On 18 Jul 2007, Christian Perrier wrote:
> > At first reaction, I am not very keen at doing this *by default*. 
> > 
> > nologin is intended as a replacement shell field for accounts that
> > have been disabled. So, making it a valid shell defeats that. 
> > 
> > I recommend you to do it manually locally with add-shell(8)
> > 
> > Other shadow maintainers, do we have an agreement, here?
>         Well, I did add it manually of course to work around the
> issue.  But I think this is the exact type of situation where it
> should be defined as a valid shell in /etc/shells.
>         The reason to not include it would be if there is a
> security situation where having it defined allows some other
> unintended level of access.  If such a situation exists, then I
> can understand not having it in the list.  I just wasn't aware of
> any such situation whereas I clearly ran across the opposite with
> vsftpd.
Yeah, see shells(5) and related bug #429697 against "noshell", in
particular msg 10.

I think only "normal" shells should be listed in /etc/shells by

More information about the Pkg-shadow-devel mailing list