Subject: Re: bash problem 2
To: None <port-i386@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: port-i386
Date: 01/13/2000 12:29:44
>> [.../etc/shells "wrong solution to a non-problem" mini-rant...]

> What about the problem of a clueless user doing something like
> 	chsh /bin/true

"UNIX does not stop you from doing stupid things because that would
also stop you from doing clever things".

I have no problem with it being possible to configure a system such
that only certain pathnames are acceptable to chsh.

I could even live with that as the default, though I wouldn't like it.

I have a major problem with it being impossible to configure the system
any other way.

If nothing else, it breaks the "the shell is just another program"
paradigm that UNIX had from just about day one.

smb says /etc/shells was invented to fix the problem of ftp to accounts
like uucp.  /etc/ftpusers is the right fix to this problem.  I thought
it was invented to prevent newlines in shells from being a security
hole.  chsh checking for newlines in shells is the right fix to that
problem - it probably should check for colons too.

I have trouble thinking of *any* problem /etc/shells is the right fix
for, especially with getusershell() as the API.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
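
The newline and colon check mentioned in the message above, as an added example that is not part of the original post and is not NetBSD's chsh code. It assumes the classic seven-field passwd(5) line; the account values and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed record layout: name:passwd:uid:gid:gecos:dir:shell */
#define PASSWD_FIELDS 7

/* 1 if the value can be stored without changing the file's structure:
 * '\n' would end the record early and ':' would end the field early. */
int shell_field_is_safe(const char *shell)
{
    return shell != NULL && strpbrk(shell, ":\n") == NULL;
}

/* Format the line an unchecked chsh would write (constructed account).
 * Returns the length written, or -1 if the buffer is too small. */
int build_entry(char *out, size_t outsz, const char *shell)
{
    int n = snprintf(out, outsz,
                     "alice:*:1000:1000:Alice:/home/alice:%s\n", shell);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Number of records a line-oriented reader sees in the text. */
int records_in(const char *text)
{
    int n = 0;
    for (; *text; text++)
        if (*text == '\n') n++;
    return n;
}

/* Number of colon-separated fields in the first record. */
int fields_in_first_record(const char *text)
{
    int n = 1;
    for (; *text && *text != '\n'; text++)
        if (*text == ':') n++;
    return n;
}

int main(void)
{
    /* Constructed inputs: two ordinary paths, one newline, one colon. */
    const char *samples[] = { "/bin/sh", "/bin/true", "/bin/sh\nsecond:record", "/bin/sh:extra" };
    char line[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        build_entry(line, sizeof line, samples[i]);
        printf("sample %zu: safe=%d records=%d fields=%d (expected 1 and %d)\n", i,
               shell_field_is_safe(samples[i]), records_in(line),
               fields_in_first_record(line), PASSWD_FIELDS);
    }
    return 0;
}
```

The check is purely structural: /bin/true passes it, so it closes the file-format hole without restricting which program may be chosen as a shell.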