On Wed, Feb 05, 2014 at 01:38:41PM -0800, Russ Allbery wrote: > Sam Couter <s...@couter.id.au> writes: > > I use the SSH authentication and transport method, which means Amanda > > uses SSH to connect to the clients as the backup user to run amandad. I > > have set the authorized_keys file for the backup user to force the > > amandad command, but this is executed using the login shell. > > > Setting the shell to /bin/sh makes the error message go away, running > > update-passwd brings it back. > > I suspect that you have your debconf priority settings set to suppress > prompting. If you change the shell and then run: > > dpkg-reconfigure base-passwd > > and say no to the question of whether you want update-passwd to change the > shell, it will leave it alone and remember that response for all > subsequent upgrades. > > You can also use debconf preseeding to set that answer across large > numbers of systems if needed.
It worries me a bit that this breaks amanda. I think this is the main thing holding me back from closing #734946. Russ, you have more experience of dealing with security audits that pick this up than I do; what would you think of flipping the backup user's shell back to /bin/sh? I don't see an obvious way to override this for amanda the way we did for the various things that used su and broke with the change of default shells. -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
