Red Hat Bugzilla – Bug 80170
incorrect login shell for mailman
Last modified: 2007-04-18 12:49:12 EDT
On any everything beta2 install, I have the following system account:
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false
this shell should be /sbin/nologin, not /bin/false
still true with mailman-2.1-8 in beta5
Done - fixed in mailman-2.1.1-2
BTW current rpm is now up to mailman 2.1.1 and can be found on
Sorry, should have closed this one a while ago ;-)
Actually that was good timing as I was just considering the login
shell issue a few days ago as we were applying some SELinux fixes for
mailman. Sometimes an admin wants to run the mailman command line
utilities, this should be done as the user mailman, that requirement
is getting even stronger with the introduction of SELinux security
policies where even root can't run things if the policy does not permit.
So I started to think whether the mailman user should be able to login
in which would require a shell. Under the current scheme one would
need to su to mailman after logging in. I tried to find what the
recommendation was on this issue, but after 30-40 minutes of searching
I didn't identify a "convention or practice" so I put it aside
thinking I would come back to it.
What's your take Chris? Should there be a login shell for mailman so
the mailman admin can login and do admin tasks?