
Re: using /usr/bin/nologin instead of /bin/false in adduser?



On Sat, May 13, 2006 at 01:17:02PM -0400, Roberto C. Sanchez wrote:
> Out of curiosity, what happens when someone tries to login and /usr is
> unavailable?  If the shell is set to something in /bin, it will still be
> used.  What is the default action when the user's shell is not available?

foo:x:1002:1002:,,,:/home/foo:/bin/zzzz


Debian GNU/Linux testing/unstable umbar tty5

umbar login: foo
Password:
Linux umbar 2.6.16-1-686 #2 Thu May 4 18:22:23 UTC 2006 i686
Cannot execute /bin/zzzz: No such file or directory

Debian GNU/Linux testing/unstable umbar tty5

umbar login:


/* Note: the password below is correct every time */
[~]$ ssh -l foo ::1
foo@::1's password:
Permission denied, please try again.
foo@::1's password:
Permission denied, please try again.
foo@::1's password:
Permission denied (publickey,password).
[~]$ scp DEADJOE foo@[::1]:
foo@::1's password:
Permission denied, please try again.
foo@::1's password:
Permission denied, please try again.
foo@::1's password:
Permission denied (publickey,password).
lost connection
[~]$


May 13 19:43:32 umbar sshd[7413]: User foo not allowed because shell /bin/zzzz does not exist
May 13 19:43:32 umbar sshd[7413]: Failed none for invalid user foo from ::1 port 47974 ssh2
May 13 19:43:34 umbar sshd[7413]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip6-localhost  user=foo
May 13 19:43:36 umbar sshd[7413]: Failed password for invalid user foo from ::1 port 47974 ssh2
May 13 19:43:44 umbar last message repeated 2 times
May 13 19:43:44 umbar sshd[7413]: (pam_unix) 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip6-localhost  user=foo


With /bin/true:

[~]$ scp DEADJOE foo@[::1]:
foo@::1's password:
lost connection
[~]$

May 13 19:50:25 umbar sshd[7465]: Accepted password for foo from ::1 port 53466 ssh2
May 13 19:50:25 umbar sshd[7467]: (pam_unix) session opened for user foo by (uid=0)
May 13 19:50:25 umbar sshd[7467]: (pam_unix) session closed for user foo



-- 
1KB		// Rule #6: If violence wasn't your last resort,
		// you failed to resort to enough of it.
		//   - The Seven Habits of Highly Effective Pirates
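
A passwd audit for the failure shown in the sshd log above ("shell /bin/zzzz does not exist"), as an added example that is not part of the original post. The function names, the reason labels and the sample accounts bar and baz are assumptions made here; `on-usr` only marks a shell whose path starts with /usr/, the case the quoted question asks about.

```shell
#!/bin/sh
# Added example: list accounts whose login shell is missing, not executable,
# or located under /usr. Output lines have the form "user:shell:reason".
# Usage: audit_shells PASSWD_FILE [ROOT]
audit_shells() {
    passwd_file=$1
    root=${2:-}    # optional prefix, so a test tree or mounted image can be checked
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac
        [ -n "$shell" ] || shell=/bin/sh    # an empty shell field means /bin/sh
        if [ ! -e "$root$shell" ]; then
            printf '%s:%s:missing\n' "$user" "$shell"
        elif [ ! -f "$root$shell" ] || [ ! -x "$root$shell" ]; then
            printf '%s:%s:not-executable\n' "$user" "$shell"
        else
            case $shell in
                /usr/*) printf '%s:%s:on-usr\n' "$user" "$shell" ;;
            esac
        fi
    done < "$passwd_file"
}

# Constructed sample tree: the page's foo entry plus two hypothetical accounts.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/bin" "$dir/usr/bin" "$dir/etc"
    for f in bin/true usr/bin/nologin; do
        printf '#!/bin/sh\nexit 0\n' > "$dir/$f"
        chmod 755 "$dir/$f"
    done
    cat > "$dir/etc/passwd" <<'EOF'
foo:x:1002:1002:,,,:/home/foo:/bin/zzzz
bar:x:1003:1003:,,,:/home/bar:/bin/true
baz:x:1004:1004:,,,:/home/baz:/usr/bin/nologin
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample)
audit_shells "$sample/etc/passwd" "$sample"
rm -rf "$sample"
```

On a live system the call is `audit_shells /etc/passwd` with no second argument.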


