On Wed, Jul 18, 2007 at 02:05:35AM -0500, Mark Nipper wrote:
> On 18 Jul 2007, Christian Perrier wrote:
> > At first reaction, I am not very keen on doing this *by default*.
> >
> > nologin is intended as a replacement shell field for accounts that
> > have been disabled. So, making it a valid shell defeats that.
> >
> > I recommend you do it manually locally with add-shell(8)
> >
> > Other shadow maintainers, do we have an agreement, here?
>
> Well, I did add it manually of course to work around the
> issue. But I think this is the exact type of situation where it
> should be defined as a valid shell in /etc/shells.
>
> The reason to not include it would be if there is a
> security situation where having it defined allows some other
> unintended level of access. If such a situation exists, then I
> can understand not having it in the list. I just wasn't aware of
> any such situation whereas I clearly ran across the opposite with
> vsftpd.

Yeah, see shells(5) and related bug #429697 against "noshell", in particular msg 10.
I think only "normal" shells should be listed in /etc/shells by default.
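
An added example, not part of the thread: a local check for the situation discussed above, where a shell meant to mark disabled accounts is listed in a shells(5) file, so that programs consulting that file treat those accounts as normal users. The function names, the report format and the basenames treated as no-login shells are assumptions of this example.

```shell
#!/bin/sh
# Added example: report no-login shells that are listed in a shells(5) file
# and the accounts that use them. File paths are arguments so the check can
# run against copies; the basenames treated as "no-login" are an assumption.

NOLOGIN_NAMES="nologin false"

# is_nologin PATH -> exit status 0 if the basename of PATH is in NOLOGIN_NAMES
is_nologin() {
    base=${1##*/}
    for n in $NOLOGIN_NAMES; do
        [ "$base" = "$n" ] && return 0
    done
    return 1
}

# audit_shells SHELLS_FILE PASSWD_FILE
# Prints "LISTED <shell>" for each no-login shell present in SHELLS_FILE and
# "ACCOUNT <user> <shell>" for each account whose shell is one of those.
# Returns 1 if anything was reported, 0 otherwise.
audit_shells() {
    shells_file=$1
    passwd_file=$2
    found=0
    # Drop comments, trailing whitespace and blank lines before reading paths.
    listed=$(sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$shells_file")
    for sh_path in $listed; do
        is_nologin "$sh_path" || continue
        found=1
        echo "LISTED $sh_path"
        # Field 7 of passwd(5) is the login shell.
        awk -F: -v s="$sh_path" '$7 == s { print "ACCOUNT " $1 " " $7 }' "$passwd_file"
    done
    return $found
}

# Run against the live files only when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    audit_shells /etc/shells /etc/passwd
fi
```

Accounts whose no-login shell is not listed in the shells file are deliberately not reported, since services that consult the file already reject them.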

