
Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells



Hi Russ,

On Fri, Apr 13, 2007 at 03:55:14PM -0700, Russ Allbery wrote:

> Brian Clark <bjclark@helios.unwell.org> writes:

> > Package: ssh
> > Version: 1:4.3p2-9
> > Severity: minor

> > The openssh install process should detect whether /usr/sbin/nologin
> > isn't present in /etc/shells, and it should add it if necessary if ssh
> > is going to use /usr/sbin/nologin as its shell.

> Wouldn't that be exactly the wrong thing to do given the purpose of
> /etc/shells?

>        Be aware that there are programs which consult this file to find
>        out if a user is a normal user.  E.g.:  ftp daemons traditionally
>        disallow access to users with shells not included in this file.

> That's exactly the behavior we want.

Yes, then that makes perfect sense to me, too. I suppose that's why you
guys are the developers/maintainers!

The package tiger started this inquiry (I looked into /usr/sbin/nologin,
after), but I don't think that would qualify as a bug in tiger. 

Should the Debian package of openssh have user sshd use /bin/false
instead? The man pages seem to indicate that /usr/sbin/nologin and
/bin/false provide the same function.

-- 
Brian Clark
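
The /etc/shells behaviour quoted in this thread can be checked with a small audit, shown here as an added example that is not part of the original message. The sample accounts and file contents are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): compare account shells with /etc/shells.

# listed_in_shells SHELL SHELLS_FILE: succeeds if SHELL is an entry in the file.
listed_in_shells() {
    # Drop comment lines, then require an exact whole-line match.
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$1"
}

# audit_shells [PASSWD_FILE] [SHELLS_FILE]
# Prints "LISTED user shell" or "UNLISTED user shell" for every account.
audit_shells() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        # passwd(5): an empty shell field means /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        if listed_in_shells "$shell" "$shells_file"; then
            echo "LISTED $user $shell"
        else
            echo "UNLISTED $user $shell"
        fi
    done < "$passwd_file"
}

# nonlogin_listed [SHELLS_FILE]: prints nologin/false entries found in the file.
# Any output means a locked account would pass an /etc/shells check.
nonlogin_listed() {
    grep -v '^[[:space:]]*#' "${1:-/etc/shells}" | grep -E '/(nologin|false)$'
}

# Constructed sample data, so the check runs without touching the real files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
ftpuser:x:1001:1001::/home/ftpuser:/bin/false
legacy:x:1002:1002::/home/legacy:
EOF
cat > "$demo_dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
audit_shells "$demo_dir/passwd" "$demo_dir/shells"
nonlogin_listed "$demo_dir/shells" || echo "no non-login shells listed"
```

Called without arguments, `audit_shells` and `nonlogin_listed` read the real /etc/passwd and /etc/shells.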




