Subject: Re: admin/15698: /etc/security vs. /etc/shells in regard to /sbin/nologin
To: NetBSD GNATS submissions and followups <gnats-bugs@gnats.netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-bugs
Date: 02/23/2002 00:49:58
>> this sounds reasonable, but, iirc, will later cause accounts that have
>> no password to be declared "inactive but with a valid shell".
>
>Yes, of course -- that's the desired behaviour.  If you don't want
>some/all of those reported then that's a different issue.

eliminating one "erroneous" message so that one gets three more is
most certainly not the point.  accounts that currently have * as the
password and /sbin/nologin as the shell should not cause any message
from /etc/security.

>> a better fix might be to specifically allow /sbin/nologin as a shell
>> at the point that emits the complaint in question.
>
>No, I don't think so.  At least with adding the shells explicitly to the
>list in the array you don't have to mess with an ever more complex
>expression in the logic of the program.....

# diff /etc/security /usr/src/etc/security
215c215
<               } else if (! shells[$10] && $10 != "/sbin/nologin")
---
>               } else if (! shells[$10])

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."