[Pkg-shadow-devel] Users with login shell /usr/sbin/nologin
Colin Watson
cjwatson at debian.org
Fri Mar 28 12:02:55 GMT 2025
On Fri, Mar 28, 2025 at 12:30:55PM +0100, Marc Haber wrote:
>I have recently noticed that we ship a number of users with their shell
>set to /usr/sbin/nologin:
[...]
>Hence, /usr/sbin/nologin is in login:
>
>[3/4959]mh at swivel:~ $ dpkg --search /usr/sbin/nologin
>login: /usr/sbin/nologin
>
>which is part of util-linux but not essential (but already frozen).
>
>Can we live with shipping users that have their shell pointing to a file
>that does not necessarily exist on all systems?
>
> [ ] No
> [ ] for trixie
> [ ] for forky
> [x] yes
The purpose of using /usr/sbin/nologin rather than something like
/bin/false is really just to provide a clearer error message if you try
to log into an account that isn't available. If you don't have login
installed, then you're unlikely to be trying to log into an account, so
it doesn't matter.
Even if you do somehow try to log in without /usr/sbin/nologin being
installed, you effectively just get a less clear error message. I think
we can live with that.
Thanks,
--
Colin Watson (he/him) [cjwatson at debian.org]
More information about the Pkg-shadow-devel
mailing list