Description of problem: The /etc/shells file is often used by various programs to distinguish between normal users and pseudoaccounts (see the shells(5) manpage for example). Yet the default /etc/shells (at least in RHEL4 update 3 and Fedora Core 6) contains /sbin/nologin, a shell dedicated for pseudoaccounts only. I think /etc/shells should not contain /sbin/nologin as a valid shell, as this goes directly against the purpose of both /etc/shells and /sbin/nologin. Or (as the worst possible solution) the manpage of shells(5) should be corrected. I am keeping the severity at "medium", but I think it might be a security bug, as some daemons can mishandle pseudoaccount as a normal user account by looking whether the account has shell which is listed in /etc/shells. Version-Release number of selected component (if applicable): setup-2.5.37-1.3 (and also setup-2.6.1.1-1.fc6).
Reviewing. Read ya, Phil
/sbin/nologin is intentional and was introduced quite some time ago as a RFE specifically for that purpose to have a valid shell that prevents user login. See also https://bugzilla.redhat.com/bugzilla//show_bug.cgi?id=53963 Thanks, Read ya, Phil *** This bug has been marked as a duplicate of 70414 ***