tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: "valid shell"s

>>> My guess is that otherwise it's not really worth trying to fix it,
>>> beyond maybe adding globbing.  Ultimately, there are too many
>>> admins and users who know how /etc/shells works to justify making
>>> big changes without a clear increment in functionality.
>> I believe I can fix it without breaking existing setups.
> Yes, but as you noted, ultimately the shell field of the password
> file is not the right place for encoding whether accounts are real or
> not.

...and "whether accounts are real or not" - for just about any
definition of "real" - is not the correct thing to test if you want to
find out whether an account is allowed to use server-side FTP,
sendmail's prog mailer, etc.

> Is it really worth mucking with the format of /etc/shells without
> fixing that?  That's what I was trying to get at.

Well, I *would* prefer to do away with it entirely.  But if that won't
happen - and I gather it won't, if you're suggesting kludgery like a
"shell" that just execs the real shell - I'd like to at least make it
possible for people who agree with me to easily make go away on their
own systems.  *I* can set up such a wrapper shell easily enough, but
most admins are not system programmers.  Or would you support putting
such a wrapper in base?

> In a perfect world, programs that were shells would carry a type
> marker of some kind saying "I implement the exec-level interface
> expected of a shell", so you wouldn't need to maintain a list.

Depending on what you're trying to do with that list, you might.
Depending on whether programmers can set it on more-or-less arbitrary
programs they write, either some admins will want to forbid some
programs that have it set or some (other) admins will want to allow
some programs that don't.

Besides, what does "the exec-level interface expected of a shell"
actually mean?  I'm having trouble thinking of anything which rsh (the
restricted sh, not the remote execution program) satisfies but, say, vi
or expect doesn't.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML     
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index