Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
Hi Russ,
On Fri, Apr 13, 2007 at 03:55:14PM -0700, Russ Allbery wrote:
> Brian Clark <bjclark@helios.unwell.org> writes:
> > Package: ssh
> > Version: 1:4.3p2-9
> > Severity: minor
> > The openssh install process should detect whether /usr/sbin/nologin
> > isn't present in /etc/shells, and it should add it if necessary if ssh
> > is going to use /usr/sbin/nologin as its shell.
> Wouldn't that be exactly the wrong thing to do given the purpose of
> /etc/shells?
> Be aware that there are programs which consult this file to find
> out if a user is a normal user. E.g.: ftp daemons traditionally
> disallow access to users with shells not included in this file.
> That's exactly the behavior we want.
Yes, then that makes perfect sense to me, too. I suppose that's why you
guys are the developers/maintainers!

The package tiger started this inquiry (I looked into /usr/sbin/nologin,
after), but I don't think that would qualify as a bug in tiger.

Should the Debian package of openssh have user sshd use /bin/false
instead? The man pages seem to indicate that /usr/sbin/nologin and
/bin/false provide the same function.
--
Brian Clark
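The check discussed in this thread, as an added example that is not part of the original messages or of any Debian package: it parses a shells(5)-format file and a passwd(5)-format file, reports which accounts a service consulting /etc/shells would treat as normal users, and flags non-login shells that have been listed there. The sample file contents, the account names and the `NON_LOGIN_SHELLS` set are constructed assumptions.

```python
"""Audit /etc/shells against /etc/passwd (added example, constructed sample data)."""

# Assumption: the two non-login shells named in the thread; adjust locally.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/bin/false"}

def parse_shells(text):
    """Parse shells(5) content: one path per line, '#' comments and blanks ignored."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.add(line)
    return shells

def audit(passwd_text, shells_text):
    """Return (misplaced, normal, restricted).

    misplaced:  non-login shells that are listed in the shells file
    normal:     accounts whose shell is listed (treated as normal users)
    restricted: accounts whose shell is not listed
    """
    shells = parse_shells(shells_text)
    misplaced = sorted(shells & NON_LOGIN_SHELLS)
    normal, restricted = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments, blanks and malformed entries
        # An empty shell field in passwd(5) means /bin/sh.
        name, shell = fields[0], fields[6] or "/bin/sh"
        (normal if shell in shells else restricted).append(name)
    return misplaced, normal, restricted

# Constructed sample input (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
ftp:x:101:65534::/srv/ftp:/bin/false
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
"""
SAMPLE_SHELLS = "# /etc/shells: valid login shells\n/bin/sh\n/bin/bash\n"
# The same file after adding nologin, as the original request proposed.
SAMPLE_SHELLS_WITH_NOLOGIN = SAMPLE_SHELLS + "/usr/sbin/nologin\n"

if __name__ == "__main__":
    for label, shells in (("as shipped", SAMPLE_SHELLS),
                          ("nologin added", SAMPLE_SHELLS_WITH_NOLOGIN)):
        print(label, audit(SAMPLE_PASSWD, shells))
```

With nologin added to the shells file, the sshd account moves from the restricted list to the normal-user list, which is the effect the quoted shells(5) text warns about.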