https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=28223
--- Comment #7 from [email protected] --- This can be handled with "nologin" in login.conf, without needing to modify su(1) (in 10.0-RELEASE, anyway.) On the other hand, it might be useful for su to check "shell" for the login class, since it doesn't do so even with -l. So, rather than it being used for login enforcement, I think it should be taken into account only if -l is used, with login enforcement attained via other means. As far as I can tell, "shell" has no special meaning (see login_cap(3); it's not mentioned anywhere), other than that login.access(5) mentions it, i.e., it's up to individual programs to check for "shell". It looks like login(1) and sshd(8) are the only base components that do anything with "shell". It seems that in general it's not actually supported, and it therefore probably shouldn't be relied on for things like login enforcement. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
