Bug 2102

Summary: No specified shell in passwd allows login
Product: [Retired] Red Hat Linux Reporter: Joshua Jensen <joshua>
Component: pamAssignee: Michael K. Johnson <johnsonm>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2CC: cks-rhbugzilla, gafton
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-04-12 23:29:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joshua Jensen 1999-04-09 23:59:58 UTC 
Only tested on RHL 5.2 Intel, but if the last field in
/etc/passwd is cleared, then login IS permitted (with bash I
think), and the specified home directory is ignored and
replace by /

Yes, this IS a mis-configuration, but some sysadmins might
mistakenly think that this is a viable substitute for
/bin/false or /dev/null.
Comment 1 Chris Siebenmann 1999-04-10 03:31:59 UTC 
In /etc/passwd, an omitted shell historically means '/bin/sh'
(although not all programs get it right). If it gave one a home
directory of /, it would be broken, but in a quick test on a RH
5.2 Linux system it doesn't seem to.

 I don't think that pam should 'fix' this; we have environments that
need to share the password file between RedHat and other systems,
and those other systems expect the historical behavior for a blank
shell field.
Comment 2 Bill Nottingham 1999-04-12 23:29:59 UTC 
The behavior when the shell field is blank is
to use the default login shell; hence, this is normal
behavior.

------- Email Received From  Joshua <jtech.com> 04/13/99 19:19 -------


------- Email Received From  "Michael K. Johnson" <johnsonm> 04/14/99 12:09 -------