Subject: Re: admin/15698: /etc/security vs. /etc/shells in regard to /sbin/nologin
To: NetBSD GNATS submissions and followups <gnats-bugs@gnats.netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-bugs
Date: 02/22/2002 20:14:03
>In the end I did this to quiet /etc/security on my systems:
>...
>+               shells["/sbin/nologin"]++;
>+               shells["/usr/games/wargames"]++;
>+               shells["/usr/libexec/uucp/uucico"]++;
>...
>I think that's a little cleaner than your patch, though definition of a
>companion file such as /etc/shells.nonstd might be even better (I
>usually prefer data-driven programs to modifying hard-coded data within
>a program, but I was too lazy to go that far with my own local source tree).

this sounds reasonable, but, iirc, will later cause accounts that have
no password to be declared "inactive but with a valid shell".

a better fix might be to specifically allow /sbin/nologin as a shell
at the point that emits the complaint in question.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."