tags 660862 + patch pending thanks On Fri, Nov 23, 2012 at 10:11:03PM +0000, Roger Leigh wrote: > On Fri, Nov 23, 2012 at 10:05:07PM +0000, Roger Leigh wrote: > > On Fri, Nov 23, 2012 at 03:49:15PM +0100, Carlos Alberto Lopez Perez wrote: > > > Such symlink was created by an upgrade of the package initscripts on a > > > system running Debian/Squeeze. > > > > > > > > > Here is the relevant part: > > > > > > > > > $ grep -C3 /etc/nologin sysvinit-2.88dsf/debian/initscripts.postinst > > > # Set up nologin symlink so that dynamic-login-disabling will work > > > # (when DELAYLOGIN is set to "yes") > > > # > > > if [ ! -L /etc/nologin ] && [ ! -e /etc/nologin ] > > > then > > > rm -f /var/lib/initscripts/nologin > > > ln -s /var/lib/initscripts/nologin /etc/nologin > > > fi > > > > > > I don't know why the postinst script does that. Can somebody explain? > > > > Looking at the history in git, this was done for the migration > > of /etc/nologin to /var/lib/initscripts/nologin; I presume at > > least. It would have been nicer to have a version check here. > > > > Unless there's a reason for keeping it (and I can't see one > > with a short investigation), I think this logic may be safely > > removed. It might be a bit late to do this for wheezy, but > > definitely fixable for jessie. > > Looking at this a bit more closely, this should probably be moved > to /run/nologin, since it's the last writable filesystem and unlike > /etc and /var/lib/initscripts, will be present and writable until > the system is halted. shutdown(8) also hardcodes /etc/nologin, and > this should also be switched to use /run/nologin.
I have applied the following patch to the jessie-pending git branch. This will mean it will go into jessie after the wheezy release. For the meantime it's just queued. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
>From 89d13179d06e5902ff983df7fc666ba1664f7336 Mon Sep 17 00:00:00 2001 From: Roger Leigh <[email protected]> Date: Fri, 23 Nov 2012 22:22:29 +0000 Subject: [PATCH] debian: Use /run/nologin and close #660862 --- debian/changelog | 4 +++ debian/initscripts.postinst | 10 ------- debian/initscripts.postrm | 1 - debian/patches/11_run_nologin.patch | 39 +++++++++++++++++++++++++++ debian/patches/series | 1 + debian/src/initscripts/etc/init.d/rmnologin | 10 +++---- debian/src/initscripts/man/rcS.5 | 9 +++---- 7 files changed, 53 insertions(+), 21 deletions(-) create mode 100644 debian/patches/11_run_nologin.patch diff --git a/debian/changelog b/debian/changelog index e347489..30ccb69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,10 @@ sysvinit (2.88dsf-29+jessie1) UNRELEASED; urgency=low [ Roger Leigh ] + * initscripts: + - Move /etc/nologin and /var/lib/initscripts/nologin to + /run/nologin. This means that nologin is always created on + a writable, available filesystem. Closes: #660862. * sysv-rc: - Add support for systemd to update-rc.d and invoke-rc.d. Thanks to Michael Stapelberg for this patch. Closes: #683084. diff --git a/debian/initscripts.postinst b/debian/initscripts.postinst index f5004e3..46bdc22 100755 --- a/debian/initscripts.postinst +++ b/debian/initscripts.postinst @@ -302,16 +302,6 @@ do done # -# Set up nologin symlink so that dynamic-login-disabling will work -# (when DELAYLOGIN is set to "yes") -# -if [ ! -L /etc/nologin ] && [ ! -e /etc/nologin ] -then - rm -f /var/lib/initscripts/nologin - ln -s /var/lib/initscripts/nologin /etc/nologin -fi - -# # Revert motd stuff. initscripts now lets pam_motd handle # everything. /etc/motd is just a regular file. # diff --git a/debian/initscripts.postrm b/debian/initscripts.postrm index 2257090..9f3909b 100755 --- a/debian/initscripts.postrm +++ b/debian/initscripts.postrm @@ -22,7 +22,6 @@ case "$1" in # rm -f \ /etc/default/rcS \ - /etc/nologin \ /etc/motd.tail \ /etc/motd.static diff --git a/debian/patches/11_run_nologin.patch b/debian/patches/11_run_nologin.patch new file mode 100644 index 0000000..245c4ae --- /dev/null +++ b/debian/patches/11_run_nologin.patch @@ -0,0 +1,39 @@ +diff --git a/man/shutdown.8 b/man/shutdown.8 +index 919a77e..9ce56e4 100644 +--- a/man/shutdown.8 ++++ b/man/shutdown.8 +@@ -119,7 +119,7 @@ Second, it can be in the format \fB+\fP\fIm\fP, in which \fIm\fP is the + number of minutes to wait. The word \fBnow\fP is an alias for \fB+0\fP. + .PP + If shutdown is called with a delay, it will create the advisory file +-.I /etc/nologin ++.I /run/nologin + which causes programs such as \fIlogin(1)\fP to not allow new user + logins. This file is created five minutes before the shutdown sequence + starts. Shutdown removes this file if it is stopped before it +diff --git a/src/paths.h b/src/paths.h +index 232a944..74c867e 100644 +--- a/src/paths.h ++++ b/src/paths.h +@@ -28,7 +28,7 @@ + #define SDALLOW "/etc/shutdown.allow" /* Users allowed to shutdown */ + #define INITTAB "/etc/inittab" /* Location of inittab */ + #define INIT "/sbin/init" /* Location of init itself. */ +-#define NOLOGIN "/etc/nologin" /* Stop user logging in. */ ++#define NOLOGIN "/run/nologin" /* Stop user logging in. */ + #define FASTBOOT "/fastboot" /* Enable fast boot. */ + #define FORCEFSCK "/forcefsck" /* Force fsck on boot */ + #define SDPID "/var/run/shutdown.pid" /* PID of shutdown program */ +diff --git a/src/shutdown.c b/src/shutdown.c +index 7e997da..8c3345a 100644 +--- a/src/shutdown.c ++++ b/src/shutdown.c +@@ -234,7 +234,7 @@ void warn(int mins) + } + + /* +- * Create the /etc/nologin file. ++ * Create the /run/nologin file. + */ + void donologin(int min) + { diff --git a/debian/patches/series b/debian/patches/series index e4139b0..a603eec 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,6 +2,7 @@ 11_lfs_cflags.patch 11_man_halt8.patch 11_man_fstab_decode_typo +11_run_nologin.patch 20_init_freebsd_vswtc.patch 30_killall5_hurd.patch 40_multiarch_libcrypt.patch diff --git a/debian/src/initscripts/etc/init.d/rmnologin b/debian/src/initscripts/etc/init.d/rmnologin index 62cb6fa..a21589d 100755 --- a/debian/src/initscripts/etc/init.d/rmnologin +++ b/debian/src/initscripts/etc/init.d/rmnologin @@ -5,10 +5,10 @@ # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: -# Short-Description: Remove /etc/nologin at boot -# Description: This script removes the /etc/nologin file as the +# Short-Description: Remove /run/nologin at boot +# Description: This script removes the /run/nologin file as the # last step in the boot process, if DELAYLOGIN=yes. -# If DELAYLOGIN=no, /etc/nologin was not created by +# If DELAYLOGIN=no, /run/nologin was not created by # bootmisc earlier in the boot process. ### END INIT INFO @@ -22,13 +22,13 @@ do_start () { # case "$DELAYLOGIN" in Y*|y*) - rm -f /var/lib/initscripts/nologin + rm -f /run/nologin ;; esac } do_status () { - if [ ! -f /var/lib/initscripts/nologin ] ; then + if [ ! -f /run/nologin ] ; then return 0 else return 4 diff --git a/debian/src/initscripts/man/rcS.5 b/debian/src/initscripts/man/rcS.5 index 3114f0e..c8c19ce 100644 --- a/debian/src/initscripts/man/rcS.5 +++ b/debian/src/initscripts/man/rcS.5 @@ -44,13 +44,12 @@ setting the variable to \fByes\fP prevents it. Some details: The \fBDELAYLOGIN\fP variable controls whether or not the -file \fI/var/lib/initscripts/nologin\fP is created during +file \fI/run/nologin\fP is created during the boot process and deleted at the end of it. -\fI/etc/nologin\fP is normally a symbolic link to the latter location, -and the \fBlogin\fP(1) program refuses to allow non-root logins so long -as (the target of) \fI/etc/nologin\fP exists. +The \fBlogin\fP(1) program refuses to allow non-root logins so long +as \fI/run/nologin\fP exists. If you set the variable to \fBno\fP then it is advisable to ensure -that \fI/var/lib/initscripts/nologin\fP does not exist. +that \fI/run/nologin\fP does not exist. .IP \fBVERBOSE\fP Setting this option to \fBno\fP (in lower case) will make the boot process -- 1.7.10.4
_______________________________________________ Pkg-sysvinit-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-sysvinit-devel
