Subject: Re: bin/2905: setting environment vars from login
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 11/12/1996 23:47:10
[ On Fri, November 8, 1996 at 07:49:06 (-0500), der Mouse wrote: ]
> Subject: Re: bin/2905: setting environment vars from login
> Nowadays it seems to get used as "a login with a shell in /etc/shells
> is a human with shell access, anything else is a captive account".
> This makes mistakes: I (relatively) often have logins on systems where
> I can't write /etc/shells, but want to run my shell instead of being
> stuck with one of the vendor shells.
Well, that's the mechanism at work! Defeat this and you do render the
feature totally useless. ;-)
So long as you're able to start arbitrary binaries from the shell you're
given though, you are not be forced to use a vendor shell. If I'm stuck
with /bin/sh, but want ksh, I just put this in ~/.profile:
if [ -s $HOME/.shell -a "X$argv0" != "X.xinitrc" -a "X$argv0" != "X.xsession" ] ; then
exec `cat $HOME/.shell`
And I get what I want, every time, and it even simulates a login shell.
> It also assumes that all captive accounts are the same. They're not;
> witness /etc/ftpusers, and note that ftpd _still_ checks /etc/shells
> (or at least its manpage says it does), despite having its own
Very good point -- I'd say this calls for a PR if it's still true.
> What is /etc/shells good for? Anything? Or is it just following a
> tradition started by someone looking for a quick fix?
I find it very useful in order that I can allow various shell choices to
general purpose users (and disallow others).
> Even if it still
> has some use, I'd really like to see a way that I, as a sysadmin, can
> configure it such that _any_ program is considered a "standard shell".
> With /etc/shells as it stands, the only way to do that is something
> like "find / -type f -print > /etc/shells", and that (a) will make
> getusershell() take _forever_ and (b) needs to be rerun every time
> someone compiles a new program.
Would a '*' do the trick for you if it was implemented?
I'd like to see a missing file mean that chsh was disabled too. The
internal list in getusershell() is truely bogus and should call for
another PR in my opinion.
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <email@example.com>; Secrets Of The Weird <firstname.lastname@example.org>