Woops! I didn't know that. Thanks for the explanation :)

--
Olivier Duclos

On Tue, Oct 31, 2023, at 20:02, Aurelien Jarno wrote:
> Hi,
>
> On 2023-10-30 22:17, Olivier Duclos wrote:
>> Package: libc6-dev
>> Source: glibc
>> Version: 2.38-3
>> Severity: normal
>>
>> In /usr/include/paths.h at line 56 we have:
>>
>> #define _PATH_NOLOGIN "/etc/nologin"
>>
>> This path is incorrect and should be replaced by "/usr/sbin/nologin".
>
> I think you are missing two different things:
> - The /etc/nologin file that prevents non-root users from logging on to a
>   machine if it exists.
> - The nologin shell that can be used in /etc/passwd to prevent the
>   corresponding users from logging in.
>
> Changing _PATH_NOLOGIN to "/usr/sbin/nologin", as you suggest, might
> prevent users from logging on to their system once packages are rebuilt
> against the changed paths.h as this binary is provided by an essential
> package present on all systems. "might" because pam does not use the glibc
> paths.h and hard codes the path instead. But OpenSSH seems to use it.
>
> Regards
> Aurelien
>
> --
> Aurelien Jarno GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://aurel32.net
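
The two mechanisms distinguished in the quoted reply, as an added example that is not part of the original thread and is not code from glibc, PAM or OpenSSH. The function names, the simplified checks and the /tmp stand-in path are assumptions made for illustration.

```c
#include <paths.h>      /* _PATH_NOLOGIN, the macro from the bug report */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Mechanism 1: a system-wide flag file. If the path exists, every
 * non-root login is refused. Simplified sketch of such a check. */
int blocked_by_nologin_file(const char *flag_path, uid_t uid)
{
    struct stat st;
    if (uid == 0)
        return 0;                       /* root is exempt */
    return stat(flag_path, &st) == 0;   /* mere existence blocks the login */
}

/* Mechanism 2: a per-account shell. Only the account whose passwd
 * shell field names the nologin binary is affected. */
int blocked_by_nologin_shell(const char *pw_shell)
{
    return strcmp(pw_shell, "/usr/sbin/nologin") == 0;
}

/* Demo helper: create an empty file. Returns 0 on success. */
int make_empty_file(const char *path)
{
    FILE *f = fopen(path, "w");
    return f ? fclose(f) : -1;
}

int main(void)
{
    /* Constructed stand-in for a path that exists on every system,
     * which is what a flag path naming an installed binary would be. */
    const char *always_present = "/tmp/nologin-demo-binary";
    if (make_empty_file(always_present) != 0)
        return 1;

    printf("flag path %s, uid 1000 blocked: %d\n", _PATH_NOLOGIN,
           blocked_by_nologin_file(_PATH_NOLOGIN, 1000));
    printf("flag path always present, uid 1000 blocked: %d\n",
           blocked_by_nologin_file(always_present, 1000));
    printf("flag path always present, uid 0 blocked: %d\n",
           blocked_by_nologin_file(always_present, 0));
    printf("shell /bin/bash blocked: %d\n",
           blocked_by_nologin_shell("/bin/bash"));
    unlink(always_present);
    return 0;
}
```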