[Pkg-shadow-devel] Bug#1021745: Fwd: Bug#1021745: passwd: /etc/passwd was edited with the wrong shell path

[Najib Bakari]

---------- Forwarded message ---------
De: Serge E. Hallyn <serge at hallyn.com>
Date: vie, 14 oct 2022 a las 17:56
Subject: Re: [Pkg-shadow-devel] Bug#1021745: passwd: /etc/passwd was edited
with the wrong shell path
To: Najib Bakari <najibbakari at gmail.com>
Cc: Serge E. Hallyn <serge at hallyn.com>


On Fri, Oct 14, 2022 at 05:34:09PM +0200, Najib Bakari wrote:
> Dear Serge Hallyn,
> My point was only about the /etc/passwd being edited, even with the check
> and warning.
>
> *> Well no, it clearly checked, and warned you.  You chose to
> ignore the warning.  *
>
> When the warning pops up, it is already too late. Check this please:
>
> #chsh
> Changing the login shell for root
> Enter the new value, or press ENTER for the default
>         Login Shell [/bin/zsh]: zsh
> chsh: Warning: zsh does not exist
>
> # chsh
> Password:
> chsh: PAM: Authentication failure
>
> Best regards
>
> Najib

Right, you'd have to reset it after seeing the warning.

This isn't something that has recently changed, it's been like this
for 25 years.

I'm open to a patch that will accept a new /etc/login.defs variable to
affect this - it could, if set, simply refuse on unknown shell, or
ask "are sure".  However, github.com/shadow-maint/shadow woudl be the
place for this.  The debian package would simply make a change to
the debian/login.defs (if it wants) to set the default.  Feel free to
create an issue or, better, submit a PR there :)

thanks,
-serge


-- 
Liebe Güße

Najib El Bakari Zagour
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20221014/b0b3f1ab/attachment.htm>