Bug#93894: lshell sucks, should be removed
I found lshell (orphaned, #93894) is just too braindead.
Its description says:
> Description: Enforce limits to protect system integrity.
> This program enforces resource quotas stored in a configuration file. It is
> easier and more secure that writing a shell script in /etc/profile and
> trying to compare user names in hard-coded if/else type trees.
It is a simple C program that does basically the following:
#!/usr/bin/perl
# BEGIN BIG ASSUMPTIONS
# * The absolute path of the login shell has exactly one occurrence of
# the string "/lshells".
# * The directory which contains the binary file of the shell S a user want
# to use has a directory D such that:
# - D is named "lshells"
# - D have a symlink L to /usr/bin/lshell, the binary file of lshell
# - L and S have the same name
# For example:
# /bin/sh (S)
# /bin/lshells/ (D)
# /bin/lshells/sh -> /usr/bin/lshell (L)
# * The login shell defined in /etc/passwd must be an appropriate symlink L
# that is mentioned above (of course, it must be one of the files listed
# in /etc/shells)
# END BIG ASSUMPTIONS
$shell = $ENV{SHELL};
$shell =~ s:/lshells::;
&set_limit();
!system($shell) || print STDERR "falling back to sh\n";
system("/bin/sh");
This means that a user must have /bin/lshells/ or /usr/bin/lshells/ to use
lshell. It is ugly. In fact, the .deb comes with /bin/lshells/ and
/usr/bin/lshells/! It also has a postinst script which creates the
necessary symlinks and asks the user if it may do a massive chsh for all
non-system users (that is, uid > 99) and then modify /etc/shells (a conffile
of the package "passwd").
lshell needs lots of hack (or a complete rewrite) to follow the FHS.
If a sysadmin wants to set a resource limit now, s/he can use
the pam_limits PAM module. Therefore I think lshell should be removed
from the Debian archive.
I am not a Debian developer. Can I file a bug against ftp.debian.org?
--
Oohara Yuuma <oohara@libra.interq.or.jp>
Graduate-school of Science, Kyoto University
PGP key (key ID F464A695) http://www.interq.or.jp/libra/oohara/pub-key.txt
Key fingerprint = 6142 8D07 9C5B 159B C170 1F4A 40D6 F42E F464 A695
I always put away what I take.
--- Ryuji Akai, "Star away"
Reply to: