Hi Russ, On Fri, Apr 13, 2007 at 03:55:14PM -0700, Russ Allbery wrote:
> Brian Clark <[EMAIL PROTECTED]> writes: > > Package: ssh > > Version: 1:4.3p2-9 > > Severity: minor > > The openssh install process should detect whether /usr/sbin/nologin > > isn't present in /etc/shells, and it should add it if necessary if ssh > > is going to use /usr/sbin/nologin as its shell. > Wouldn't that be exactly the wrong thing to do given the purpose of > /etc/shells? > Be aware that there are programs which consult this file to find > out if a user is a normal user. E.g.: ftp daemons traditionally > disallow access to users with shells not included in this file. > That's exactly the behavior we want. Yes, then that makes perfect sense to me, too. I suppose that's why you guys are the developers/maintainers! The package tiger started this inquiry (I looked into /usr/sbin/nologin, after), but I don't think that would qualify as a bug in tiger. Should the Debian package of openssh have user sshd use /bin/false instead? The man pages seem to indicate that /usr/sbin/nologin and /bin/false provide the same function. -- Brian Clark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
