Red Hat Bugzilla – Bug 439835
gdm login list includes accounts that shouldn't be able to login
Last modified: 2015-01-14 18:20:40 EST
Description of problem:
For a while (during the F9 rawhide period) gdm only listed accounts that had
logged in and 'other'. Now it seems to be listing lots of accounts even those
with a shell of /sbin/nologin which seems wrong. I am not sure of the intention,
but I would expect that accounts with shells of /sbin/nologin would not be
included in the list. (Probably any account with a shell not in /etc/shells
should also be excluded.)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Add some accounts with a shell of /sbin/nologin
2.Logout at the console with X running and wait for gdm to start
Long list of accounts that aren't allowed to login.
Only mt account and 'other' expected to be in the list.
I am not seeing all of the accounts on the system listed, so I am guessing it
may be doing some filtering based on uid. I don't think that is appropiate
(except maybe for uid 0) as they are arbitrary and aren't necessarily correlated
to which accounts can login.
Well, we already exclude all users with shells not in /etc/shells. The problem
is that /sbin/nologin is in /etc/shells. So, I've patched upstream to
explicitly exclude users with /sbin/nologin and /bin/false as shells.
Thanks! That solution sounds great and will definitely take care of my problem.