Bug 53963 - RFE: Add a safe nologon shell to /etc/shells
Summary: RFE: Add a safe nologon shell to /etc/shells
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: setup   
(Show other bugs)
Version: 7.3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2001-09-24 15:37 UTC by R P Herrold
Modified: 2014-03-17 02:23 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-23 05:42:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description R P Herrold 2001-09-24 15:37:54 UTC
Please add a SAFE no-login type shell to the base /etc/shells -- safe in
the sense that it is immune from the Shell variable pre-load attack.  It
needs to be here, so that 'chsh' and other tools will allow its use without
manual edit of /etc/passwd

Nalin suggested /sbin/nologin on testers-list, but unlike all the other
'default' shells, this is not in /bin ...

Doesn't bother me, but ...

Comment 1 Bill Nottingham 2001-09-24 16:06:13 UTC
One already exists. It's in /etc/shells.

Comment 2 Bill Nottingham 2001-09-24 16:06:46 UTC
Oops, it's *not* in /etc/shells.

Comment 3 Bill Nottingham 2001-09-24 16:07:15 UTC

Comment 4 Elliot Lee 2002-01-04 18:45:57 UTC
Someone who knows how the 'setup' package is maintained should add /sbin/nologin
to the default /etc/shells

This is, of course, assuming that /sbin/nologin is intended for this purpose.
(We have been shipping it already, and I am just wondering if it is being used
for purposes where its addition to /etc/shells would cause a security hole...)

Comment 5 Bill Nottingham 2002-03-11 06:02:06 UTC
fixed in 2.5.8-1.

Comment 6 Jonathan Kamens 2002-03-31 23:06:34 UTC
I am very concerned with the security implications of this change.  I don't know
if this is still true in a standard Red Hat installation, but for a very long
time on a very large number of Unix variants, the contents of /etc/shells have
been used to determine whether someone could FTP into a particular account. 
I.e., inbound FTP connections would be disallowed for users with shells not
listed in /etc/shells.  Because of this, /sbin/nologin was intentionally *not*
listed in /etc/shells, to prevent people with that shell from being able to FTP
into their accounts.

By adding it, have you circumvented that intentional security design?

I have reopened this bug to ensure that this issue has been considered.  If it
has been and I'm off the mark, please reclose the bug.

Comment 7 Bill Nottingham 2004-09-23 05:42:35 UTC
At this point, I'm comfortable with this change. (Yeah, I know, bad
answer, but it's been two years, and it hasn't been a problem to this

Note You need to log in before you can comment on or make changes to this bug.