Subject: Re: admin/15698: /etc/security vs. /etc/shells in regard to /sbin/nologin
To: NetBSD GNATS submissions and followups <gnats-bugs@gnats.netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-bugs
Date: 02/23/2002 00:49:58
>> this sounds reasonable, but, iirc, will later cause accounts that have
>> no password to be declared "inactive but with a valid shell".
>
>Yes, of course -- that's the desired behaviour. If you don't want
>some/all of those reported then that's a different issue.
eliminating one "erroneous" message so that one gets three more is
most certainly not the point. accounts that currently have * as the
password and /sbin/nologin as the shell should not cause any message
from /etc/security.
>> a better fix might be to specifically allow /sbin/nologin as a shell
>> at the point that emits the complaint in question.
>
>No, I don't think so. At least with adding the shells explicitly to the
>list in the array you don't have to mess with an ever more complex
>expression in the logic of the program.....
# diff /etc/security /usr/src/etc/security
215c215
< } else if (! shells[$10] && $10 != "/sbin/nologin")
---
> } else if (! shells[$10])
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."