Subject: Re: bash problem 2
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Roger Brooks <R.S.Brooks@liverpool.ac.uk>
List: port-i386
Date: 01/13/2000 17:15:40
On Thu, 13 Jan 2000, der Mouse wrote:

>> when I change the shell for root to bash the chsh program sends this
>> message:
>
>>     "warning,unknown root shell"
>
>> 1. What can I do to make NetBSD know this shell?
>

>But that aside, /etc/shells is probably your problem.  You could just
>add bash to /etc/shells, but the right fix would be to find the code
>that's using /etc/shells and fix it.  (Having a list of "acceptable"
>shells is the wrong fix to a non-problem.  It was invented, I believe,
>in response to the "chsh to a shell with a newline in its name"
>security hole - a problem to which it's the wrong solution - and
>promptly got (ab)used for a whole lot of other things, from trying to
>decree that only users with certain shells are allowed to ftp in to, as
>you saw, producing gratuitous noise messages about root's passwd file
>entry.  Worse, the API to it - getusershell() - is broken; the correct
>API would be usershellisvalid().  getusershell() makes it impossible,
>even by hacking the back-end, for an admin to configure a system such
>that any shell is considered acceptable.)

What about the problem of a clueless user doing something like

	chsh /bin/true

Surely it's reasonable to constrain users so that they can only chsh to
something which _is_ a shell, because if they chsh to something which
isn't a shell they have to get root to reset their passwd entry.


Roger

------------------------------------------------------------------------------
Roger Brooks (Systems Programmer),          |  Email: R.S.Brooks@liv.ac.uk
Computing Services Dept,                    |  Tel:   +44 151 794 4441
The University of Liverpool,                |  Fax:   +44 151 794 4442
PO Box 147, Liverpool L69 3BX, UK           | 
------------------------------------------------------------------------------
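
The two positions in this thread can be put side by side in code. The following is an added example, not code from either poster or from NetBSD: it checks a proposed shell for the newline problem directly and treats the /etc/shells list as a separate, switchable policy. The name `user_shell_is_valid`, the `allow_unlisted` flag and the sample list are assumptions made for illustration, and the list is parsed from a string rather than read through getusershell().

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /etc/shells format (not a real system's file). */
static const char SAMPLE_SHELLS[] =
    "# constructed sample\n/bin/sh\n/bin/csh   # C shell\n\n/usr/pkg/bin/bash\n";

/* The shell is the last colon-separated field of a one-line passwd(5)
 * record, so a newline would start a new record and a colon would shift
 * fields. Rejecting those characters addresses the newline hole itself,
 * independently of any list. An absolute path is also required. */
static bool shell_is_wellformed(const char *shell)
{
    return shell[0] == '/' && strpbrk(shell, ":\n\r") == NULL;
}

/* Membership test against /etc/shells-style text: one path per line,
 * '#' starts a comment, blank lines are ignored. */
static bool shell_is_listed(const char *shell, const char *shells_text)
{
    size_t want = strlen(shell);
    for (const char *p = shells_text; *p != '\0'; ) {
        const char *tok = p + strspn(p, " \t");   /* skip indentation */
        size_t tok_len = strcspn(tok, " \t#\n");  /* path ends here */
        if (want > 0 && tok_len == want && memcmp(tok, shell, want) == 0)
            return true;
        p += strcspn(p, "\n");                    /* advance to next line */
        if (*p == '\n') p++;
    }
    return false;
}

/* Hypothetical predicate-style check. allow_unlisted models an admin who
 * accepts any shell; with it false, only listed shells pass, so a
 * non-shell such as /bin/true is refused. */
bool user_shell_is_valid(const char *shell, const char *shells_text, bool allow_unlisted)
{
    return shell_is_wellformed(shell) && (allow_unlisted || shell_is_listed(shell, shells_text));
}

int main(void)
{
    const char *tries[] = { "/usr/pkg/bin/bash", "/bin/true", "/bin/sh\nx" };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("try %zu: listed-only=%d any-shell=%d\n", i,
               user_shell_is_valid(tries[i], SAMPLE_SHELLS, false),
               user_shell_is_valid(tries[i], SAMPLE_SHELLS, true));
    return 0;
}
```
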