[Tiger-user] Update to Allow Setting NoLogin Shells
From: Doug Peterson
Subject: [Tiger-user] Update to Allow Setting NoLogin Shells
Date: Sat, 26 Jul 2008 10:15:25 -0400

I have installed the Noshell package on my Debian 4.0 server. This results in
messages about admin accounts having a valid login shell, which is
technically inaccurate. I was trying to find where to update the list of
nologin shells. I found three different places: check_anonftp, check_network
and check_passwd. It appears, at least in the Debian release, that
check_network is not used. It is a Perl script that may have been
functionally replaced by various shell scripts.

I noticed in check_network a TODO comment about moving the nologin
shells into tigerrc, so I did. The lists were not completely the same
between check_passwd and check_anonftp, although I would think it would
be best if they were. So allowing a setting in tigerrc fixes that. I also
added /sbin/noshell since that was my original goal. For reference, here is
what I added:

/etc/default/tiger/tigerrc:
#
# Acceptable nologin shells that will not be checked.
# List of nologin shells separated by '|'... no whitespaces
Tiger_Nologin_Shells='/bin/false|/usr/bin/false|/bin/true|/dev/null|/sbin/nologin|/sbin/noshell'
#
/usr/lib/tiger/scripts/check_anonftp:
164c164
< /bin/false|/usr/bin/false|/sbin/nologin)
---
> $Tiger_Nologin_Shells)
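Review bot: In "> $Tiger_Nologin_Shells)", if this line is a case pattern, as the trailing ")" suggests, the '|' characters produced by expanding the variable are matched literally and do not separate alternatives, so the pattern would only match a shell equal to the entire list string. Consider a delimiter-wrapped match instead, for example case "|$Tiger_Nologin_Shells|" in *"|$shell|"*) where $shell stands for whatever variable holds the account's shell. The replacement also widens what check_anonftp accepts: the old line listed three shells, and the tigerrc value adds /bin/true, /dev/null and /sbin/noshell.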
/usr/lib/tiger/scripts/check_passwd:
168,169d167
< # TODO: The hardcoded list of shells could be user defined
< # (i.e. in tigerrc)
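Review bot: Deleting the two TODO lines at 168-169 leaves nothing at this spot saying where the shell list now comes from. A one-line comment stating that the list is read from Tiger_Nologin_Shells in tigerrc would help the next reader find it.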
171c169
< /bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true)
---
> $Tiger_Nologin_Shells)
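Review bot: The new line at 169 has no fallback when Tiger_Nologin_Shells is unset or empty, for example with a tigerrc that predates this change. In that case the pattern expands to nothing, and none of the five shells in the removed line are accepted any more. Assigning the old list as a default before the test, for example with : ${Tiger_Nologin_Shells:='/bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true'}, would keep the previous behaviour.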
This could be part of a resolution to the task:
http://savannah.nongnu.org/task/?3070
/usr/lib/tiger/scripts/check_account could possibly be modified around line
352 with:
shells=`$GREP -v '^#' $ETCSHELLS`
shells="$shells $Tiger_Nologin_Shells"
The reason I say it might is that a nologin shell could also have been
included in /etc/shells so it would be in "shells" twice. I do not know if
that would have a bad effect in check_accounts later or not.

Thank you,
Doug Peterson
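
An added example, not part of the original message or of Tiger's scripts: a POSIX sh check of an account's shell against a '|'-separated list like the Tiger_Nologin_Shells value above, next to the form that expands the variable directly as a case pattern. The function names and the sample passwd lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not taken from Tiger.
# Same value format as the tigerrc setting quoted in the message.
Tiger_Nologin_Shells='/bin/false|/usr/bin/false|/bin/true|/dev/null|/sbin/nologin|/sbin/noshell'

# Variable expanded directly as a case pattern: the '|' characters that come
# out of the expansion are literal text, not pattern separators, so only a
# shell equal to the whole list string would match.
naive_is_nologin() {
    case "$1" in
        $Tiger_Nologin_Shells) return 0 ;;
    esac
    return 1
}

# Delimiter-wrapped match: look for "|shell|" inside "|list|". Quoting keeps
# glob characters literal; an empty shell field or one containing '|' never
# matches, and neither does anything when the list is unset or empty.
is_nologin_shell() {
    case "$1" in ''|*'|'*) return 1 ;; esac
    case "|${Tiger_Nologin_Shells:-}|" in
        *"|$1|"*) return 0 ;;
    esac
    return 1
}

# Read passwd-format lines on stdin and print "user shell login|nologin".
classify_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case "$user" in ''|'#'*) continue ;; esac
        if is_nologin_shell "$shell"; then
            echo "$user $shell nologin"
        else
            echo "$user ${shell:-EMPTY} login"
        fi
    done
}

# Constructed sample accounts.
classify_passwd <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/sbin/noshell
EOF
```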