From: Lowell Gilbert
To: Paul Hoffman
Cc: freebsd-bugs@freebsd.org
Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells
Date: Thu, 29 Apr 2010 11:20:55 -0400
Message-ID: <44och29tew.fsf@be-well.ilk.org>

I haven't been doing a very good job explaining myself. Maybe someone else will (eventually) do a better job. Or whap me in the head for being wrong...

Paul Hoffman writes:

> The problem is that many servers in the ports collection (such as mail access programs like qpopper) will only let clients connect if the client has a shell that is listed in /etc/shells. From a security standpoint, it would be obviously better to give these users the ability to act as clients but not to be able to log in using the shells that are listed by default (sh, csh, or tcsh).
>
> It sounds like you are suggesting that these users should be given a *different* shell, and that shell be added to /etc/shells. Why would that be any better than adding /usr/sbin/nologin to /etc/shells?

Exactly right. The reason it's better is that you wouldn't be opening up existing nologin users to be able to receive mail, FTP in, and so on. It's okay if you want to do that on your box, but doing it by default would be an unreasonable breach of the so-called "Principle of Least Astonishment," and one involving potential security problems at that.
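
The exposure discussed in the message above can be checked before /etc/shells is edited. The following is an added example, not part of the original message: it lists the accounts that a service checking /etc/shells rejects today but would accept once a given shell is added. The passwd and shells contents are constructed sample data, the function names are hypothetical, and the /etc/shells parsing only approximates getusershell(3).

```python
NOLOGIN = "/usr/sbin/nologin"

# Constructed sample data (passwd(5) 7-field format), not from a real host.
SAMPLE_SHELLS = """\
# acceptable shells
/bin/sh
/bin/csh
/bin/tcsh
"""
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/tcsh
popuser:*:1002:1002:POP-only user:/home/popuser:/usr/sbin/nologin
"""


def parse_shells(text):
    """Return the set of shell paths listed in /etc/shells-style text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("/"):
            shells.add(line)
    return shells


def parse_passwd(text):
    """Yield (login, shell) pairs; an empty shell field means /bin/sh."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            yield fields[0], fields[6] or "/bin/sh"


def newly_accepted(passwd_text, shells_text, candidate):
    """Logins whose shell is `candidate` and is not yet listed in shells_text."""
    if candidate in parse_shells(shells_text):
        return []  # already listed: adding it changes nothing
    return [n for n, shell in parse_passwd(passwd_text) if shell == candidate]


if __name__ == "__main__":
    print(newly_accepted(SAMPLE_PASSWD, SAMPLE_SHELLS, NOLOGIN))
```

On the sample data, adding /usr/sbin/nologin admits daemon and www along with popuser, whereas a dedicated shell assigned only to popuser would admit that one account.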