Please add a SAFE no-login type shell to the base /etc/shells -- safe in the sense that it is immune from the Shell variable pre-load attack. It needs to be here, so that 'chsh' and other tools will allow its use without manual edit of /etc/passwd Nalin suggested /sbin/nologin on testers-list, but unlike all the other 'default' shells, this is not in /bin ... Doesn't bother me, but ...
One already exists. It's in /etc/shells.
Oops, it's *not* in /etc/shells.
Reassigning.
Someone who knows how the 'setup' package is maintained should add /sbin/nologin to the default /etc/shells This is, of course, assuming that /sbin/nologin is intended for this purpose. (We have been shipping it already, and I am just wondering if it is being used for purposes where its addition to /etc/shells would cause a security hole...)
fixed in 2.5.8-1.
I am very concerned with the security implications of this change. I don't know if this is still true in a standard Red Hat installation, but for a very long time on a very large number of Unix variants, the contents of /etc/shells have been used to determine whether someone could FTP into a particular account. I.e., inbound FTP connections would be disallowed for users with shells not listed in /etc/shells. Because of this, /sbin/nologin was intentionally *not* listed in /etc/shells, to prevent people with that shell from being able to FTP into their accounts. By adding it, have you circumvented that intentional security design? I have reopened this bug to ensure that this issue has been considered. If it has been and I'm off the mark, please reclose the bug.
At this point, I'm comfortable with this change. (Yeah, I know, bad answer, but it's been two years, and it hasn't been a problem to this point.)