[Pkg-shadow-devel] Users with login shell /usr/sbin/nologin
Chris Hofstaedtler
zeha at debian.org
Fri Mar 28 13:41:04 GMT 2025
* Colin Watson <cjwatson at debian.org> [250328 13:03]:
>On Fri, Mar 28, 2025 at 12:30:55PM +0100, Marc Haber wrote:
>>I have recently noticed that we ship a number of users with their shell
>>set to /usr/sbin/nologin:
>[...]
>>Hence, /usr/sbin/nologin is in login:
>>
>>[3/4959]mh at swivel:~ $ dpkg --search /usr/sbin/nologin
>>login: /usr/sbin/nologin
>>
>>which is part of util-linux but not essential (but already frozen).
>>
>>Can we live with shipping users that have their shell pointing to a file
>>that does not necessarily exist on all systems?
>>
>> [ ] No
>> [ ] for trixie
>> [ ] for forky
>> [x] yes
>
>The purpose of using /usr/sbin/nologin rather than something like
>/bin/false is really just to provide a clearer error message if you
>try to log into an account that isn't available. If you don't have
>login installed, then you're unlikely to be trying to log into an
>account, so it doesn't matter.
>
>Even if you do somehow try to log in without /usr/sbin/nologin being
>installed, you effectively just get a less clear error message. I
>think we can live with that.
Thank you for articulating so well what I couldn't earlier today.
I think this is fine.
Chris
More information about the Pkg-shadow-devel
mailing list