Subject: Re: bin/2905: setting environment vars from login
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 11/12/1996 23:47:10
[ On Fri, November 8, 1996 at 07:49:06 (-0500), der Mouse wrote: ]
> Subject: Re: bin/2905: setting environment vars from login
>
> Nowadays it seems to get used as "a login with a shell in /etc/shells
> is a human with shell access, anything else is a captive account".
> 
> This makes mistakes: I (relatively) often have logins on systems where
> I can't write /etc/shells, but want to run my shell instead of being
> stuck with one of the vendor shells.

Well, that's the mechanism at work!  Defeat this and you do render the
feature totally useless.  ;-)

So long as you're able to start arbitrary binaries from the shell you're
given though, you are not forced to use a vendor shell.  If I'm stuck
with /bin/sh, but want ksh, I just put this in ~/.profile:

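	# $0 is "-sh" in a login shell; "--" stops basename reading it as options
	argv0=`basename -- "$0"`
	if [ -s "$HOME/.shell" -a "X$argv0" != "X.xinitrc" -a "X$argv0" != "X.xsession" ]; then
		# replace this shell with the one named in ~/.shell
		exec `cat "$HOME/.shell"`
	fi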

And I get what I want, every time, and it even simulates a login shell.

> It also assumes that all captive accounts are the same.  They're not;
> witness /etc/ftpusers, and note that ftpd _still_ checks /etc/shells
> (or at least its manpage says it does), despite having its own
> mechanism.

Very good point -- I'd say this calls for a PR if it's still true.

> What is /etc/shells good for?  Anything?  Or is it just following a
> tradition started by someone looking for a quick fix?

I find it very useful in order that I can allow various shell choices to
general purpose users (and disallow others).

> Even if it still
> has some use, I'd really like to see a way that I, as a sysadmin, can
> configure it such that _any_ program is considered a "standard shell".
> With /etc/shells as it stands, the only way to do that is something
> like "find / -type f -print > /etc/shells", and that (a) will make
> getusershell() take _forever_ and (b) needs to be rerun every time
> someone compiles a new program.

Would a '*' do the trick for you if it was implemented?

I'd like to see a missing file mean that chsh was disabled too.  The
internal list in getusershell() is truly bogus and should call for
another PR in my opinion.

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>
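
Added example, not part of the original message: the rule quoted above ("a login with a shell in /etc/shells is a human with shell access, anything else is a captive account") applied to a passwd file as a small audit. The function name `classify_logins`, the sample accounts and the comment handling are assumptions of this example; the fallback to /bin/sh and /bin/csh when the list is unreadable mirrors the documented getusershell() default list, and an empty shell field is treated as /bin/sh.

```shell
#!/bin/sh
# classify_logins PASSWD_FILE SHELLS_FILE
# Prints "login<TAB>shell<TAB>standard|captive" for each passwd entry.
classify_logins() {
	awk -F: -v shells="$2" '
	BEGIN {
		# Load the shells list: one path per line, "#" starts a comment.
		while ((rc = (getline line < shells)) > 0) {
			sub(/#.*/, "", line)
			gsub(/^[ \t]+|[ \t]+$/, "", line)
			if (line != "") ok[line] = 1
		}
		# Unreadable list: assume the built-in default list instead.
		if (rc < 0) { ok["/bin/sh"] = 1; ok["/bin/csh"] = 1 }
	}
	/^#/ || NF < 7 { next }          # skip comments and malformed lines
	{
		sh = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
		printf "%s\t%s\t%s\n", $1, sh, ((sh in ok) ? "standard" : "captive")
	}' "$1"
}

# Constructed sample data (not taken from any real system).
sample_dir=$(mktemp -d)
printf '%s\n' \
	'# constructed shells list' \
	'/bin/sh' \
	'/bin/ksh   # trailing comment' > "$sample_dir/shells"
printf '%s\n' \
	'alice:*:100:100:constructed user:/home/alice:/bin/ksh' \
	'bob:*:101:100:private shell build:/home/bob:/home/bob/bin/myshell' \
	'ftp:*:14:14:constructed captive:/var/ftp:/sbin/nologin' \
	'carol:*:102:100:empty shell field:/home/carol:' > "$sample_dir/passwd"

classify_logins "$sample_dir/passwd" "$sample_dir/shells"
```

In the sample, bob comes out "captive" only because his private shell is not in the list, which is the misclassification complained about in the quoted text.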