LI Xin wrote: > Hi, > > Yar Tikhiy wrote: >> yar 2007-06-17 17:25:53 UTC >> >> FreeBSD src repository >> >> Modified files: >> etc/pam.d Makefile >> usr.sbin/cron/cron Makefile cron.8 cron.h database.c >> do_command.c >> usr.sbin/cron/lib Makefile entry.c >> Added files: >> etc/pam.d cron >> Log: >> Add PAM support to cron(8). Now cron(8) will skip commands scheduled >> by unavailable accounts, e.g., those locked, expired, not allowed in at >> the moment by nologin(5), or whatever, depending on cron's pam.conf(5). >> This applies to personal crontabs only, /etc/crontab is unaffected. > > This will silently break a lot of ports, for instance mail/mailman, > which creates nologin(5) users with crontab entry. Can we for now > (because we are near a new release) try not disabling nologin(5) users, > and discuss a better solution? > > A possible alternative is to make a pam_ftpusers(8) alike PAM module > which is marked as "sufficient" and explicitly pass /var/cron/allow > users (especially ports) to override the policy.
Thanks to ru@, I should have noticed that nologin(5) is different from nologin(8) and this would not affect ports installations. Sorry for the confusion. Cheers, -- Xin LI <[EMAIL PROTECTED]> http://www.delphij.net/ FreeBSD - The Power to Serve!
signature.asc
Description: OpenPGP digital signature
