On Wed, 2022-07-27 at 15:21 +0200, Marc Haber wrote: > On Wed, Jul 27, 2022 at 09:12:50AM -0400, Jason Franklin wrote: > For a normal user account, I am undecided whether: > > - leave login shell intact, leaving a possible security hole > - set login shell back to the default when the account gets reenabled > - save login shell somewhere to reinstate if on reenabling.
Maybe have adduser prompt when using --unlock (and without -s) whether to reset the shell to the default? (just #2, but more explicit) Then again a single colon-separated file to check *before* selecting the default isn't a ton of added complexity. Contrary to the behavior of usermod(8), I personally think adding the additional barrier to access is a feature. > I'd say, do it as you see fit Me too :) mb
signature.asc
Description: This is a digitally signed message part
