I just uploaded a version of shadow that provides scripts for the maintenance of /etc/shells. I decided very quickly when I became the shadow maintainer that I didn't want to (and probably wasn't qualified to be) an arbiter of acceptable shells.
So: /etc/shells is no longer a config file, but is maintained by the add-shell and remove-shell programs. So, if a package contains something that the maintainer thinks ought to be a valid login shell, it's postinst should, (on initial install only, to allow a sysadmin to take it out again), run: /usr/sbin/add-shell /path/to/shell In the postrm, probably on remove, the package should call /usr/sbin/remove-shell /path/to/shell Packages using this mechanism must declare a dependency on passwd (>= 4.0.3-10). As the various shells start to use it, the default shells list will start getting shorter, but that's not expected to happen until at least sarge+1. (you will be able find the above documentary verbiage in /usr/share/doc/passwd/README.shells) share and enjoy kcr