colleague just pointed out that, in a new core-image-minimal, the base-passwd recipe loads up /etc/passwd (based on initial passwd.master file) with various accounts that really don't merit a login shell of /bin/sh: ... daemon:*:1:1:daemon:/usr/sbin:/bin/sh bin:*:2:2:bin:/bin:/bin/sh sys:*:3:3:sys:/dev:/bin/sh sync:*:4:65534:sync:/bin:/bin/sync games:*:5:60:games:/usr/games:/bin/sh man:*:6:12:man:/var/cache/man:/bin/sh lp:*:7:7:lp:/var/spool/lpd:/bin/sh mail:*:8:8:mail:/var/mail:/bin/sh news:*:9:9:news:/var/spool/news:/bin/sh ...
it is, of course, trivial to add a couple patches to base-passwd.bbappend to reduce a lot of those to using /sbin/nologin rather than /bin/sh, but is there a simpler way? is there a variable which you can set to, say, the passwd accounts to be weakened this way? or do people just patch the passwd.master file? or is there yet another alternative? rday
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#137196): https://lists.openembedded.org/g/openembedded-core/message/137196 Mute This Topic: https://lists.openembedded.org/mt/72986212/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
