[Pkg-shadow-devel] Bug#719890: login should fallback to /bin/sh if shell in /etc/passwd fails

Bob Proulx bob at proulx.com
Fri Aug 16 17:30:13 UTC 2013


Thomas Koch wrote:
> I thought it would be a sane thing if login would fallback to /bin/sh if
> - - the shell is not an executable (or not there)

This is a long standing method for people to use to disable logins.
Changing that would be a very bad thing.  Even if it isn't the
canonical "best" way to do it these days.

> - - the shell process exits with non-zero

The shell often exits non-zero.  For example you could type 'exit 1'.
And also when a network drops offline and a SIGHUP is sent to the
foreground processes.

> - - the shell process exits too fast

This also often happens when a user has an error in their .profile or
other shell init files.  Rotating over to the sh in that case would
cause first errors from one shell such as bash and then again
different errors from sh which would be very confusing.

> Bdale explained me, that it might most probably be a very stupid
> thing not to have a fallback user account and no login password for
> root. But we might consider helping stupid users too.

There are many ways to break things.  Perhaps an infinite number.
There is always enough rope to shoot yourself in the foot.  But if you
prevent stupid things you also prevent clever things.  Most people use
Unix like systems because the ability to do clever things is more
important than the inability to do stupid things.

Bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20130816/e1ff6cc9/attachment.sig>


More information about the Pkg-shadow-devel mailing list