Bug 53963 - RFE: Add a safe nologon shell to /etc/shells
RFE: Add a safe nologon shell to /etc/shells
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: setup (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-09-24 11:37 EDT by R P Herrold
Modified: 2014-03-16 22:23 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-23 01:42:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description R P Herrold 2001-09-24 11:37:54 EDT
Please add a SAFE no-login type shell to the base /etc/shells -- safe in
the sense that it is immune from the Shell variable pre-load attack.  It
needs to be here, so that 'chsh' and other tools will allow its use without
manual edit of /etc/passwd

Nalin suggested /sbin/nologin on testers-list, but unlike all the other
'default' shells, this is not in /bin ...

Doesn't bother me, but ...
Comment 1 Bill Nottingham 2001-09-24 12:06:13 EDT
One already exists. It's in /etc/shells.
Comment 2 Bill Nottingham 2001-09-24 12:06:46 EDT
Oops, it's *not* in /etc/shells.
Comment 3 Bill Nottingham 2001-09-24 12:07:15 EDT
Reassigning.
Comment 4 Elliot Lee 2002-01-04 13:45:57 EST
Someone who knows how the 'setup' package is maintained should add /sbin/nologin
to the default /etc/shells

This is, of course, assuming that /sbin/nologin is intended for this purpose.
(We have been shipping it already, and I am just wondering if it is being used
for purposes where its addition to /etc/shells would cause a security hole...)
Comment 5 Bill Nottingham 2002-03-11 01:02:06 EST
fixed in 2.5.8-1.
Comment 6 Jonathan Kamens 2002-03-31 18:06:34 EST
I am very concerned with the security implications of this change.  I don't know
if this is still true in a standard Red Hat installation, but for a very long
time on a very large number of Unix variants, the contents of /etc/shells have
been used to determine whether someone could FTP into a particular account. 
I.e., inbound FTP connections would be disallowed for users with shells not
listed in /etc/shells.  Because of this, /sbin/nologin was intentionally *not*
listed in /etc/shells, to prevent people with that shell from being able to FTP
into their accounts.

By adding it, have you circumvented that intentional security design?

I have reopened this bug to ensure that this issue has been considered.  If it
has been and I'm off the mark, please reclose the bug.
Comment 7 Bill Nottingham 2004-09-23 01:42:35 EDT
At this point, I'm comfortable with this change. (Yeah, I know, bad
answer, but it's been two years, and it hasn't been a problem to this
point.)

Note You need to log in before you can comment on or make changes to this bug.