Justin Pryzby wrote: > On Tue, Jun 19, 2007 at 10:47:05PM +0200, Michael Kerrisk wrote: >> Justin Pryzby wrote: >>> On Tue, Jun 19, 2007 at 09:51:32PM +0200, Michael Kerrisk wrote: > > [.. See bug #410221 ..] > >>>> Justin, >>>> >>>> Are you suggesting something needs to change in shells(5)? I can't work >>>> out what it is from a short read of your mail. >>> Suggesting but not necessarily recommending; linux su must be more >>> canonical than some unnamed ftpds. >> Hi Justin, >> >> Make your suggestion as a patch please... > > --- - 2007-06-19 19:09:45.068002000 -0400 > +++ /tmp/shells.5 2007-06-19 19:09:38.000000000 -0400 > @@ -23,20 +23,25 @@ > .\" Modified Sat Jul 24 17:11:07 1993 by Rik Faith ([EMAIL PROTECTED]) > .\" Modified Sun Nov 21 10:49:38 1993 by Michael Haardt > .\" Modified Sun Feb 26 15:09:15 1995 by Rik Faith ([EMAIL PROTECTED]) > -.TH SHELLS 5 1993-11-21 "" "Linux Programmer's Manual" > +.\" Modified Tue Jun 19 22:57:29 2007 by Justin Pryzby <[EMAIL PROTECTED]> > +.TH SHELLS 5 2007-06-19 "" "Linux Programmer's Manual" > .SH NAME > shells \- pathnames of valid login shells > .SH DESCRIPTION > .I /etc/shells > -is a text file which contains the full pathnames of valid login shells. > +is a text file which contains the absolute pathnames of valid login > +shells. > This file is consulted by > .BR chsh (1) > -and available to be queried by other programs. > -.PP > -Be aware that there are programs which consult this file to > -find out if a user is a normal user. > -E.g.: ftp daemons traditionally > +and is available to be queried by other programs. > +.SH NOTES > +Be aware that some programs consult this file to test if a user is a > +normal user or a disabled "system" user. Linux
So, now I'm starting to get clearer. Are you saying that su will reject a user if their login shell is not one of those listed in /etc/shells?

Cheers, Michael

> +.B su > +considers shells not listed here to be "restricted", and some ftp daemons > disallow access to users with shells not included in this file. > +.SH FILES > +.I /etc/shells > .SH EXAMPLE > .I /etc/shells > may contain the following paths: > @@ -46,8 +51,6 @@ > .br > .I /bin/csh > .RE > -.SH FILES > -.I /etc/shells > .SH "SEE ALSO" > .BR chsh (1), > .BR getusershell (3) > > > ------------------------------------------------------------------------ > > --- - 2007-06-19 19:09:42.903722000 -0400 > +++ /tmp/shells.5 2007-06-19 19:09:38.000000000 -0400 
> @@ -23,20 +23,25 @@ > .\" Modified Sat Jul 24 17:11:07 1993 by Rik Faith ([EMAIL PROTECTED]) > .\" Modified Sun Nov 21 10:49:38 1993 by Michael Haardt > .\" Modified Sun Feb 26 15:09:15 1995 by Rik Faith ([EMAIL PROTECTED]) > -.TH SHELLS 5 1993-11-21 "" "Linux Programmer's Manual" > +.\" Modified Tue Jun 19 22:57:29 2007 by Justin Pryzby <[EMAIL PROTECTED]> > +.TH SHELLS 5 2007-06-19 "" "Linux Programmer's Manual" > .SH NAME > shells \- pathnames of valid login shells > .SH DESCRIPTION > .I /etc/shells > -is a text file which contains the full pathnames of valid login shells. > +is a text file which contains the absolute pathnames of valid login > +shells. > This file is consulted by > .BR chsh (1) > -and available to be queried by other programs. > -.PP > -Be aware that there are programs which consult this file to > -find out if a user is a normal user. > -E.g.: ftp daemons traditionally > +and is available to be queried by other programs. > +.SH NOTES > +Be aware that some programs consult this file to test if a user is a > +normal user or a disabled "system" user. Linux > +.B su > +considers shells not listed here to be "restricted", and some ftp daemons > disallow access to users with shells not included in this file. > +.SH FILES > +.I /etc/shells > .SH EXAMPLE > .I /etc/shells > may contain the following paths: > @@ -46,8 +51,6 @@ > .br > .I /bin/csh > .RE > -.SH FILES > -.I /etc/shells > .SH "SEE ALSO" > .BR chsh (1), > .BR getusershell (3) -- Michael Kerrisk maintainer of Linux man pages Sections 2, 3, 4, 5, and 7 Want to help with man page maintenance? Grab the latest tarball at http://www.kernel.org/pub/linux/docs/manpages/ read the HOWTOHELP file and grep the source files for 'FIXME'.
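
Review bot: In the first hunk (@@ -23,20 +23,25 @@), the new NOTES sentence says su considers unlisted shells "restricted" without saying what that means for the user, which is the very question the reply in this thread has to ask. State what su does differently for an account whose shell is not in /etc/shells, because the text presents the file as a test for disabled "system" users and an administrator needs to know what is actually enforced. The reference should also be written `.BR su (1)`, matching `.BR chsh (1)` earlier in the same hunk, and "test if" reads better as "test whether".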
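
Review bot: SEE ALSO, visible as context in the second hunk (@@ -46,8 +51,6 @@), still lists only chsh(1) and getusershell(3) even though NOTES now names su; add `.BR su (1)` there. Moving FILES from before SEE ALSO to before EXAMPLE is a separate, unexplained reordering and would be easier to review as its own change or with a line of justification.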

