Re: /etc/shells policy?
Hi,
>>"Luis" == Luis Francisco Gonzalez <luisgh@cogs.susx.ac.uk> writes:
Luis> there is an "oldish" bug report open on tcsh that complains
Luis> about tcsh not deleting its own entry from /etc/shells upon
Luis> removal from the system.
Since that file belongs to another package, and shells do not
add to that file, shells should not delete entries from the file
either.
Now, one may ask the passwd package to provide a simple
(trivial) command to add and remove entries from the file. However, I
am not convinced that arbitrary commands should be allowed to modify
that file at all. The contents of that file are an important part of
the security policy for a site.
______________________________________________________________________
If two or more packages use the same configuration file, one of these
packages has to be defined as *owner* of the configuration file, i.e.,
it has to list the file as `conffile' and has to provide a program
that modifies the configuration file.
The other packages have to depend on the *owner* package and use that
program to update the configuration file.
______________________________________________________________________
Luis> http://www.debian.org/Bugs/db/16/16072.html
Luis> Now, in my system I seem to have any imaginable shell included
Luis> in that file, which belongs to the passwd package.
Luis> The question is what should I do. AFAIK, /etc/shells is used to
Luis> determine which shells can be used with chsh. I am not aware of
Luis> any other use. I think it makes perfect sense that shells
Luis> (un)register themselves in that file upon installation and in
Luis> the pre-removal of the package. If the shell is used by some
Luis> user (as shown in the /etc/passwd file) it should probably
Luis> refuse to remove the package.
Umm, no I do not want strange shells registering themselves. I
would consider that a security hole. I have strong policies about
what shells are acceptable as login shells (after all, *I* am the one
who has to clean up the mess)
manoj
--
A master was explaining the nature of Tao to one of his novices. "The
Tao is embodied in all software -- regardless of how insignificant,"
said the master. "Is Tao in a hand-held calculator?" asked the
novice. "It is," came the reply. "Is the Tao in a video game?"
continued the novice. "It is even in a video game," said the
master. "And is the Tao in the DOS for a personal computer?" The
master coughed and shifted his position slightly. "The lesson is
over for today," he said. Geoffrey James, "The Tao of Programming"
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
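
The check this thread turns on (which accounts have a given login shell, and whether that shell is listed in /etc/shells), as an added example that is not part of the original message. The function names and the sample accounts are constructed for illustration; file paths are passed as arguments so it runs on copies.

```shell
#!/bin/sh
# Audit login shells against an /etc/shells-style list.
# Sample data below is constructed, not taken from any real system.

# unlisted_login_shells SHELLS PASSWD
# Print "user:shell" for each account whose login shell is not listed in SHELLS.
unlisted_login_shells() {
    awk -F: '
        FILENAME == ARGV[1] {        # first file: the list of allowed shells
            sub(/#.*/, ""); sub(/[ \t]+$/, "")
            if ($0 ~ /^\//) allowed[$0] = 1
            next
        }
        # an empty field 7 means the system default shell, so skip it
        $7 != "" && !($7 in allowed) { print $1 ":" $7 }
    ' "$1" "$2"
}

# users_of_shell SHELL PASSWD
# Print the accounts that have SHELL as login shell (field 7 of passwd).
users_of_shell() {
    awk -F: -v shell="$1" '$7 == shell { print $1 }' "$2"
}

# shell_in_use SHELL PASSWD: exit status 0 if any account still uses SHELL.
shell_in_use() {
    [ -n "$(users_of_shell "$1" "$2")" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/tcsh
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF

echo "Accounts with a login shell missing from the list:"
unlisted_login_shells "$demo_dir/shells" "$demo_dir/passwd"
if shell_in_use /bin/tcsh "$demo_dir/passwd"; then
    echo "/bin/tcsh is still the login shell of: $(users_of_shell /bin/tcsh "$demo_dir/passwd")"
fi
```

Run against the real files with `unlisted_login_shells /etc/shells /etc/passwd`; accounts defined only in NIS or LDAP are not covered by reading /etc/passwd.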