Re: please don't check mail for root logins
I believe you are right about login.conf being used. But let me describe in more detail the problems I encountered with sshd. From sshd.c: /* Check if .hushlogin exists. Note that we cannot use userfile here because we are in the child. */ sprintf(line, %.200s/.hushlogin, pw-pw_dir); quiet_login = stat(line, st) = 0; #if defined (__FreeBSD__) defined(HAVE_LOGIN_CAP_H) quiet_login = login_getcapbool(lc, hushlogin, quiet_login); #endif The above code sets quiet_login based on the existence of a .hushlogin file, then loses that value and sets it again from login_getcapbool, thus effectively ignoring any .hushlogin file. I tried to fix this error by changing the last assignment above to: quiet_login |= login_getcapbool(lc, hushlogin, quiet_login); Once I did this, sshd did detect the presence of a .hushlogin file, but then it would abort with a signal (don't remember which signal), which prevented anybody from logging in who had a .hushlogin file. At this point I undid the UserLogin feature and reverted to using sshd in its native mode. Relying on login.conf to have root's mail not checked seems promising. But it seems to me that not checking root's mail ought to be the default everywhere -- in login.conf, in sshd, and in /bin/login. When the user discovers that he can't log in as root to fix a problem, it's already too late to be going back and changing the defaults. And root's mail should always be forwarded to a non-root user anyway. Rahul Date: Thu, 25 Feb 99 21:31:36 +0100 From: Ollivier Robert robe...@keltia.freenix.fr To:freebsd-current@FreeBSD.ORG Message-Id: 19990225213136.b12...@keltia.freenix.fr Subject: Re: please don't check mail for root logins According to Rahul Dhesi: Good idea, thanks, and I now realize that it won't work, and neither will changing /bin/login -- because sshd does not seem to honor either one. The sshd in ports should honor the login.conf stuff. One of the patches adds FreeBSD as a target with login_cap.h. Look into patch-af in sshd/patches. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- robe...@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #69: Mon Jan 18 02:02:12 CET 1999 To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
Good idea, thanks, and I now realize that it won't work, and neither will changing /bin/login -- because sshd does not seem to honor either one. I will have to try re-installing sshd with the --with-login flag. When I last tried that flag, the use of a .hushlogin file caused failed logins for some reason, so I reinstalled sshd without --with-login . Drat! I hate it when software bypasses standard system routines. Rahul Date: Wed, 24 Feb 99 23:26:47 PST From: Matthew Dillon dil...@apollo.backplane.com To:Rahul Dhesi dh...@rahul.net Cc:freebsd-current@FreeBSD.ORG Message-Id: 199902250726.xaa00...@apollo.backplane.com Subject: Re: please don't check mail for root logins :I have a suggestion for the FreeBSD maintainers. : :In /bin/login, please don't check for mail when the user is root. And :in the case that the mail filesystem is mounted via NFS from a :non-responding server, it hangs root logins. : :Root logins on machine A should never ever ever require machine B :to be up. : :Rahul You should be able to fix this trivially in /etc/login.conf. Look at the standard: entry's setenv for MAIL and do something similar for root's, pointing MAIL somewhere else. I haven't tried this myself, but it should work. -Matt Matthew Dillon dil...@backplane.com To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
On Thu, Feb 25, 1999 at 04:15:30AM -0800, Rahul Dhesi wrote: Good idea, thanks, and I now realize that it won't work, and neither will changing /bin/login -- because sshd does not seem to honor either one. You could try taking a look in sshd_config and setting UseLogin Yes. -- Jon Parise (par...@pobox.com) . .: current environment :. Rochester Inst. of Technology : OSF1 grace V4.0 878 alpha Computer Science House Member : user: jcptch host: grace https://www.csh.rit.edu/~jon/ : term: vt100tty: ttysb To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
According to Rahul Dhesi: Good idea, thanks, and I now realize that it won't work, and neither will changing /bin/login -- because sshd does not seem to honor either one. The sshd in ports should honor the login.conf stuff. One of the patches adds FreeBSD as a target with login_cap.h. Look into patch-af in sshd/patches. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- robe...@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #69: Mon Jan 18 02:02:12 CET 1999 To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
UserLogin is just a flag that is needed to enable --with-login at runtime. It doesn't prevent failed logins when a .hushlogin file is present -- that's a bug in sshd that will need to be fixed first. Rahul Date: Thu, 25 Feb 99 10:51:01 EST From: jcp...@osfmail.isc.rit.edu To:freebsd-current@FreeBSD.ORG Message-Id: 19990225105101.a15...@osfmail.isc.rit.edu Subject: Re: please don't check mail for root logins On Thu, Feb 25, 1999 at 04:15:30AM -0800, Rahul Dhesi wrote: Good idea, thanks, and I now realize that it won't work, and neither will changing /bin/login -- because sshd does not seem to honor either one. You could try taking a look in sshd_config and setting UseLogin Yes. -- Jon Parise (par...@pobox.com) . .: current environment :. Rochester Inst. of Technology : OSF1 grace V4.0 878 alpha Computer Science House Member : user: jcptch host: grace https://www.csh.rit.edu/~jon/ : term: vt100tty: ttysb To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
:UserLogin is just a flag that is needed to enable --with-login at runtime. :It doesn't prevent failed logins when a .hushlogin file is present -- :that's a bug in sshd that will need to be fixed first. : :Rahul There is a 'CheckMail' option. You should be able to set it to NO. -Matt To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
please don't check mail for root logins
I have a suggestion for the FreeBSD maintainers. In /bin/login, please don't check for mail when the user is root. And in the case that the mail filesystem is mounted via NFS from a non-responding server, it hangs root logins. Root logins on machine A should never ever ever require machine B to be up. Rahul P.S. Patch on request, but it's too trivial to submit as one. To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message
Re: please don't check mail for root logins
:I have a suggestion for the FreeBSD maintainers. : :In /bin/login, please don't check for mail when the user is root. And :in the case that the mail filesystem is mounted via NFS from a :non-responding server, it hangs root logins. : :Root logins on machine A should never ever ever require machine B :to be up. : :Rahul You should be able to fix this trivially in /etc/login.conf. Look at the standard: entry's setenv for MAIL and do something similar for root's, pointing MAIL somewhere else. I haven't tried this myself, but it should work. -Matt Matthew Dillon dil...@backplane.com To Unsubscribe: send mail to majord...@freebsd.org with unsubscribe freebsd-current in the body of the message