Bug 439835

Summary: gdm login list includes accounts that shouldn't be able to login
Product: [Fedora] Fedora Reporter: Bruno Wolff III <bruno>
Component: gdmAssignee: jmccann
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: cschalle, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-31 23:40:38 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 235705    

Description Bruno Wolff III 2008-03-31 13:09:33 EDT 
Description of problem:
For a while (during the F9 rawhide period) gdm only listed accounts that had
logged in and 'other'. Now it seems to be listing lots of accounts even those
with a shell of /sbin/nologin which seems wrong. I am not sure of the intention,
but I would expect that accounts with shells of /sbin/nologin would not be
included in the list. (Probably any account with a shell not in /etc/shells
should also be excluded.)

Version-Release number of selected component (if applicable):
gdm-2.21.10-0.2008.03.26.3.fc9.i386

How reproducible:
100%

Steps to Reproduce:
1.Add some accounts with a shell of /sbin/nologin
2.Logout at the console with X running and wait for gdm to start
3.
  
Actual results:
Long list of accounts that aren't allowed to login.

Expected results:
Only mt account and 'other' expected to be in the list.

Additional info:
I am not seeing all of the accounts on the system listed, so I am guessing it
may be doing some filtering based on uid. I don't think that is appropiate
(except maybe for uid 0) as they are arbitrary and aren't necessarily correlated
to which accounts can login.
Comment 1 jmccann 2008-03-31 23:40:38 EDT 
Well, we already exclude all users with shells not in /etc/shells.  The problem
is that /sbin/nologin is in /etc/shells.  So, I've patched upstream to
explicitly exclude users with /sbin/nologin and /bin/false as shells.
Comment 2 Bruno Wolff III 2008-04-01 06:38:59 EDT 
Thanks! That solution sounds great and will definitely take care of my problem.