Bug 80170 - incorrect login shell for mailman
incorrect login shell for mailman
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: mailman (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-12-21 02:06 EST by Chris Ricker
Modified: 2007-04-18 12:49 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-01 20:47:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Ricker 2002-12-21 02:06:21 EST
On any everything beta2 install, I have the following system account:

mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false

this shell should be /sbin/nologin, not /bin/false
Comment 1 Chris Ricker 2003-02-20 00:04:35 EST
still true with mailman-2.1-8 in beta5
Comment 2 John Dennis 2003-02-20 12:24:41 EST
Done - fixed in mailman-2.1.1-2

BTW current rpm is now up to mailman 2.1.1 and can be found on
ftp://people.redhat.com/jdennis
Comment 3 Chris Ricker 2004-10-01 20:47:34 EDT
Sorry, should have closed this one a while ago ;-)
Comment 4 John Dennis 2004-10-04 11:04:42 EDT
Actually that was good timing as I was just considering the login
shell issue a few days ago as we were applying some SELinux fixes for
mailman.  Sometimes an admin wants to run the mailman command line
utilities, this should be done as the user mailman, that requirement
is getting even stronger with the introduction of SELinux security
policies where even root can't run things if the policy does not permit.

So I started to think whether the mailman user should be able to login
in which would require a shell. Under the current scheme one would
need to su to mailman after logging in. I tried to find what the
recommendation was on this issue, but after 30-40 minutes of searching
 I didn't identify a "convention or practice" so I put it aside
thinking I would come back to it.

What's your take Chris? Should there be a login shell for mailman so
the mailman admin can login and do admin tasks? 

Note You need to log in before you can comment on or make changes to this bug.