Bug 52989 - lots of incorrect shells in /etc/passwd
lots of incorrect shells in /etc/passwd
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: setup (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-31 22:29 EDT by Chris Ricker
Modified: 2014-03-16 22:23 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-09-04 09:58:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Chris Ricker 2001-08-31 22:29:09 EDT
The shipped /etc/passwd has the following problems:

news doesn't have a shell at all; it should use /sbin/nologin

ntp has a shell of /bin/nologin, which doesn't exist; this should be
/sbin/nologin

apache, rpc, and xfs have /bin/false for a shell; they should also use
/sbin/nologin


The corresponding shipped /etc/shadow file uses a mix of "*" and "!!" in
place of encrypted password strings for accounts which can't be logged
into.  It'd make a lot more sense to pick one or the other and then
consistently use it.
Comment 1 Bill Nottingham 2001-09-02 23:46:45 EDT
news with /sbin/nologin breaks.
Comment 2 Bill Nottingham 2001-09-02 23:47:28 EDT
Please file apache, ntp, xfs, rpc against the associated packages that create
the entries in their %pre scripts - thanks!
Comment 3 Bill Nottingham 2001-09-02 23:48:07 EDT
Also, we don't ship an /etc/shadow file.
Comment 4 Chris Ricker 2001-09-03 09:44:18 EDT
Well, news should have *something* as a shell.  I'll file that one as well.
Comment 5 Chris Ricker 2001-09-03 09:45:28 EDT
I realize shadow is generated, not shipped.  That's what makes it even stupider
that you generate some entries with !! and others with *.  What should I file
that one against?
Comment 6 Chris Ricker 2001-09-03 09:59:45 EDT
Upon further inspection, the news entry in my passwd file appears to be from the
default passwd file shipped by RH; I don't have INN or anything like that
installed which should have created it.
Comment 7 Bill Nottingham 2001-09-03 11:54:41 EDT
For the shadow thing, shadow-utils, since it contains pwconv/pwunconv. What it
look s like, though, is that pwconv puts in a '*', while adduser/useradd later
puts in '!!'.

news having no shell is equivalent to shell == /bin/sh. Since that is what it
would  be set to anyways, this is not a security bug.
Comment 8 Chris Ricker 2001-09-04 09:58:39 EDT
Wouldn't the correct behavior for news to be for it to use /sbin/nologin for a
shell by default, and only to change that on the < 1% of systems which actually
need it to be /bin/sh because they're running a news server?
Comment 9 Bill Nottingham 2002-03-11 01:00:49 EST
That seems to be excessive complication.

Note You need to log in before you can comment on or make changes to this bug.