Bug 80170

Summary: incorrect login shell for mailman
Product: [Retired] Red Hat Linux Reporter: Chris Ricker <chris.ricker>
Component: mailmanAssignee: John Dennis <jdennis>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 9   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-02 00:47:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Ricker 2002-12-21 07:06:21 UTC 
On any everything beta2 install, I have the following system account:

mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false

this shell should be /sbin/nologin, not /bin/false
Comment 1 Chris Ricker 2003-02-20 05:04:35 UTC 
still true with mailman-2.1-8 in beta5
Comment 2 John Dennis 2003-02-20 17:24:41 UTC 
Done - fixed in mailman-2.1.1-2

BTW current rpm is now up to mailman 2.1.1 and can be found on
ftp://people.redhat.com/jdennis
Comment 3 Chris Ricker 2004-10-02 00:47:34 UTC 
Sorry, should have closed this one a while ago ;-)
Comment 4 John Dennis 2004-10-04 15:04:42 UTC 
Actually that was good timing as I was just considering the login
shell issue a few days ago as we were applying some SELinux fixes for
mailman.  Sometimes an admin wants to run the mailman command line
utilities, this should be done as the user mailman, that requirement
is getting even stronger with the introduction of SELinux security
policies where even root can't run things if the policy does not permit.

So I started to think whether the mailman user should be able to login
in which would require a shell. Under the current scheme one would
need to su to mailman after logging in. I tried to find what the
recommendation was on this issue, but after 30-40 minutes of searching
 I didn't identify a "convention or practice" so I put it aside
thinking I would come back to it.

What's your take Chris? Should there be a login shell for mailman so
the mailman admin can login and do admin tasks?