Subject: Re: User "news"
To: Matthias Scheler <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 07/03/2002 13:27:27
[ On Wednesday, July 3, 2002 at 06:40:54 (+0000), Matthias Scheler wrote: ]
> Subject: Re: User "news"
> In article <20020702200855.E1883AC@proven.weird.com>,
> firstname.lastname@example.org (Greg A. Woods) writes:
> >> and disturb the package systems ability to create
> >> decent accounts.
> > What does this mean? (i.e. what do you mean by "decent" in this context?)
> INN needs an account with a valid shell because it runs scripts and
> cron jobs.
Hmmm.... OK, but I don't think that can be the true reason why the INN
account would need a valid shell.... I run cron jobs that are shell
scripts for users without valid shells....
$ fgrep syssup /etc/passwd
syssup:*:105:108:Proven Weird System SUP Admin:/var/sup:/sbin/nologin
$ fgrep syssup /etc/crontab
11 23 * * * syssup /usr/local/sbin/rsync-netbsd-cvs
$ file /usr/local/sbin/rsync-netbsd-cvs
/usr/local/sbin/rsync-netbsd-cvs: Bourne shell script text executable
and if you're running them from root's private crontab with 'su' then
all you need to do is use 'su -m' to bypass the "valid shell" check:
# su syssup -c 'id'
This account is currently not available.
# su -m syssup -c 'id'
uid=105(syssup) gid=108(supadmin) groups=108(supadmin)
Besides, even if INN does need an account with a valid shell for some
reason, then removing the 'news' account from the default system just so
that it can be re-added by the package is not the correct solution (for
one it won't "fix" any existing systems, nor will it "fix" any new
system where the administrator has attempted to anticipate the needs of
the INN package).
The proper solution is for the package REQ[UIRE] script to check that
any existing account to be used by INN (eg. 'news') meets the necessary
requirements for INN's use before the package can be added (and suggests
use of 'vipw' or 'chsh -s /bin/sh news' if it does not).
Greg A. Woods
+1 416 218-0098; <email@example.com>; <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; VE3TCP; Secrets of the Weird <firstname.lastname@example.org>