I have installed the Noshell package to my Debian 4.0 server. This results in messages about admin accounts having a valid login shell, which is technically inaccurate. I was trying to find where to update the list of nologin shells. I found three different places: check_anonftp, check_network and check_passwd. It appears, at least in the Debian release, that check_network is not used. It is a Perl script that may have been functionally replaced by various shell scripts.
I noticed in check_network a TODO comment about moving the nologin shells into tigerrc, so I did. The lists were not completely the same between check_passwd and check_anonftp, although I would think it would be best if they were. So allowing a setting in tigerrc fixes that. I also added /sbin/noshell since that was my original goal. For reference, here is what I added:

/etc/default/tiger/tigerrc: # # Acceptable nologin shells that will not be checked. # List of nologin shells separated by '|'... no whitespaces Tiger_Nologin_Shells='/bin/false|/usr/bin/false|/bin/true|/dev/null|/sbin/nologin |/sbin/noshell' # /usr/lib/tiger/scripts/check_anonftp: 164c164 < /bin/false|/usr/bin/false|/sbin/nologin) --- > $Tiger_Nologin_Shells) /usr/lib/tiger/scripts/check_passwd: 168,169d167 < # TODO: The hardcoded list of shells could be user defined < # (i.e. in tigerrc) 171c169 < /bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true) --- > $Tiger_Nologin_Shells)

This could be part of a resolution to the task: http://savannah.nongnu.org/task/?3070

/usr/lib/tiger/scripts/check_account could possibly be modified around line 352 with:

shells=`$GREP -v '^#' $ETCSHELLS`
shells="$shells $Tiger_Nologin_Shells"

The reason I say it might is that a nologin shell could also have been included in /etc/shells so it would be in "shells" twice. I do not know if that would have a bad effect in check_accounts later or not.

Thank you,
Doug Peterson
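Review bot: in the check_anonftp 164c164 and check_passwd 171c169 hunks, the replaced lines end in `)` and read as `case` patterns, and a `|` that arrives through the expansion of `$Tiger_Nologin_Shells` does not separate alternatives there. The shell splits case alternatives on `|` when it parses the script, before any variable is expanded, so the new pattern matches only a shell field equal to the entire string `/bin/false|/usr/bin/false|...` and none of the listed shells would take this branch any more. Suggest keeping the tigerrc variable but testing membership another way, for example by looping over the list after converting `|` to spaces, or by building the case statement through `eval`, and giving the variable a default in the scripts so that a tigerrc without the setting does not leave the pattern empty.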
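Review bot: the `Tiger_Nologin_Shells` value in the tigerrc addition contains a space before `|/sbin/noshell`, which contradicts the comment directly above it that the list must contain no whitespace. If the space is not a mail-wrapping artifact, the entry before it becomes `/sbin/nologin ` with a trailing blank and will not compare equal to the shell field in the password file. Suggest removing the space and, since the value is easy to mistype, having the scripts strip or reject whitespace in it.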
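Review bot: in the proposed check_account change, `shells="$shells $Tiger_Nologin_Shells"` appends a `|`-separated string to a list that the preceding line builds from `$ETCSHELLS` with whitespace between entries, so the nologin shells would be added as one single token rather than as individual shells. Suggest converting the separators first (for instance with `tr '|' ' '`) before appending, which also makes it straightforward to drop entries already present from /etc/shells and so settle the duplicate question raised in the message.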
