Your message dated Mon, 5 Dec 2005 17:21:04 -0500
with message-id <[EMAIL PROTECTED]>
and subject line conclusions regarding login without valid shell
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Oct 1996 22:55:51 +0000
Received: (qmail 15139 invoked from smtpd); 31 Oct 1996 22:55:47 -0000
Received: from elfi.MI.Uni-Koeln.DE ([EMAIL PROTECTED])
by master.debian.org with SMTP; 31 Oct 1996 22:55:45 -0000
Received: from localhost by elfi.MI.Uni-Koeln.DE
with smtp id m0vJ5pf-0004JQC
(Debian /\oo/\ Smail3.1.29.1 #29.37); Thu, 31 Oct 96 23:43 MET
Date: Thu, 31 Oct 1996 23:43:27 +0100 (MET)
From: Winfried Truemper <[EMAIL PROTECTED]>
Reply-To: Winfried Truemper <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: xdm allows login without valid shell
Message-ID: <[EMAIL PROTECTED]>
Organization: XPilot Players International Lock On Target (XPILOT)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Package: xbase
Maintainer: Stephen Early <[EMAIL PROTECTED]>
Version: 3.1.2-9
"xdm" should check for a valid shell before allowing a user to access the
system.
Beside that "/bin/true" or "/bin/false" should not be assumed to be a
valid login-shell, even if they appear in /etc/shells. Reason for this:
thats the intended behaviour, if you login via telnet, /bin/true will log
you out immediatly; just as if you had no valid shell.
A common mistake is that using "/bin/true" as a login-shell prevents users
from accessing the system; the documentation of "wu-ftpd" gives that
impression.
-Winfried
---------------------------------------
Received: (at 5212-done) by bugs.debian.org; 5 Dec 2005 22:21:07 +0000
>From [EMAIL PROTECTED] Mon Dec 05 14:21:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ms-smtp-03.nyroc.rr.com ([24.24.2.57])
by spohr.debian.org with esmtp (Exim 4.50)
id 1EjOhn-0005eS-EM; Mon, 05 Dec 2005 14:21:07 -0800
Received: from doctormoo (cpe-24-59-102-172.twcny.res.rr.com [24.59.102.172])
by ms-smtp-03.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id
jB5ML4p4027183;
Mon, 5 Dec 2005 17:21:04 -0500 (EST)
Received: from neroden by doctormoo with local (Exim 4.54)
id 1EjOhk-0001fA-AZ; Mon, 05 Dec 2005 17:21:04 -0500
Date: Mon, 5 Dec 2005 17:21:04 -0500
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: conclusions regarding login without valid shell
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
From: Nathanael Nerode <[EMAIL PROTECTED]>
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_20,VALID_BTS_CONTROL
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
tags 5212 +wontfix
thanks
It's documented in 'man 7 shadow' that the way to prevent a user from
logging in is to change his password to a string which can't come out of
crypt, specifically including ! and * as examples. 'man 7 passwd' points
to shadow(7) regarding passwords. I think that's quite sufficient
documentation of the Right Way To Do It.
Closing this bug.
--
Nathanael Nerode <[EMAIL PROTECTED]>
[Insert famous quote here]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
