Bug#771925: release-notes: Add a note of base-passwd hardening shell on backup user
Package: release-notes
Severity: normal
Hi.
AFAIU, since base-passwd 3.5.30, new in Jessie, update-passwd (triggered by dpkg-configuration of base-passwd) may update (silently ? depening on dpkg priority) the password of users like 'backup' to /usr/sbin/nologin (instead of /bin/sh for instance, previously).
This is likely to break remote backups performed over SSH for instance (see #737735 for instance).
While securing such accounts connectivity is great, I fear the release notes for Jessie lack a mention of this fact.
Of course, backup user may not be the only one affected, but this is at least one case that may occur, hence worth documenting, IMHO.
Thanks in advance.
Best regards,
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: