Bug 53963
Summary: | RFE: Add a safe nologon shell to /etc/shells | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | R P Herrold <herrold> |
Component: | setup | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | CC: | mishu, nalin, notting, rvokal |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-09-23 05:42:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
R P Herrold
2001-09-24 15:37:54 UTC
One already exists. It's in /etc/shells. Oops, it's *not* in /etc/shells. Reassigning. Someone who knows how the 'setup' package is maintained should add /sbin/nologin to the default /etc/shells This is, of course, assuming that /sbin/nologin is intended for this purpose. (We have been shipping it already, and I am just wondering if it is being used for purposes where its addition to /etc/shells would cause a security hole...) fixed in 2.5.8-1. I am very concerned with the security implications of this change. I don't know if this is still true in a standard Red Hat installation, but for a very long time on a very large number of Unix variants, the contents of /etc/shells have been used to determine whether someone could FTP into a particular account. I.e., inbound FTP connections would be disallowed for users with shells not listed in /etc/shells. Because of this, /sbin/nologin was intentionally *not* listed in /etc/shells, to prevent people with that shell from being able to FTP into their accounts. By adding it, have you circumvented that intentional security design? I have reopened this bug to ensure that this issue has been considered. If it has been and I'm off the mark, please reclose the bug. At this point, I'm comfortable with this change. (Yeah, I know, bad answer, but it's been two years, and it hasn't been a problem to this point.) |