How come /sbin/nologin is in /etc/shells contradicting the man page?
Daniel J Walsh
dwalsh at redhat.com
Tue May 22 18:03:54 UTC 2007
Adam Jackson wrote:
> On Tue, 2007-05-22 at 13:41 -0400, Daniel J Walsh wrote:
>
>
>> > grep ftp /etc/shells
>> ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
>>
>> This has led us to hack up the genhomedircon script to remove this from
>> valid shells.
>>
>
> Because if you use /sbin/nologin, rather than say /bin/false, you get a
> failure message in syslog.
>
> - ajax
>
> --
> Fedora-maintainers mailing list
> Fedora-maintainers at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-maintainers
>
I guess a better question would be how to tell the difference between a
valid "user" and a "service" on the system. Currently SELinux checks if
uid < 500 (GID_MIN from /etc/login.defs) or a shell from /etc/shells -
/sbin/nologin.
This is used to make sure the labeling of the home directory is done
properly.
More information about the Fedora-maintainers
mailing list