Date:      Thu, 16 Sep 2004 06:37:38 GMT
From:      Andrew Hayden <andrew.hayden@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/71786: adduser breaks if /sbin/nologin is included in /etc/shells
Message-ID:  <200409160637.i8G6bcLG075457@www.freebsd.org>
Resent-Message-ID: <200409160640.i8G6eJ5r089433@freefall.freebsd.org>


>Number:         71786
>Category:       bin
>Synopsis:       adduser breaks if /sbin/nologin is included in /etc/shells
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 16 06:40:19 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Hayden
>Release:        5.2.1
>Organization:
>Environment:
FreeBSD server1.aexx.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Background:
I built & installed proftpd.  I created a test user whose shell was set to '/sbin/nologin' by running adduser and specifying 'nologin' as the shell.  Then, I tried to log in to proftpd and realized that since /etc/shells doesn't contain '/sbin/nologin', proftpd would not allow me to log in.  So, I added '/sbin/nologin' to /etc/shells.

Now that I have done this, the adduser command is unable to add users whose shell is 'nologin'.  It corrupts /etc/master.passwd and requires user intervention to repair (via vipw, then pwd_mkdb -p /etc/master.passwd).

It appears that adduser chokes when /sbin/nologin is present in /etc/shells.

Here is relevant output from a session...

****BEGIN CLIP ****
root@server1[~/scripts/management]# adduser
Username: test
Full name:
Uid (Leave empty for default):
Login group [test]:
Login group is test. Invite test into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin bash false nologin) [sh]: nologin
Home directory [/home/test]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]: yes
Lock out the account after creation? [no]:
Username   : test
Password   : <random>
Full Name  :
Uid        : 1004
Class      :
Groups     : test
Home       : /home/test
Shell      : /sbin/nologin
/sbin/nologin
Locked     : no
OK? (yes/no): yes
pwd_mkdb: corrupted entry
pwd_mkdb: at line #26
pwd_mkdb: /etc/master.passwd: Inappropriate file type or format
pw: passwd file update: Inappropriate ioctl for device
adduser: ERROR: There was an error adding user (test).
Add another user? (yes/no): no
Goodbye!

root@server1[~/scripts/management]# cat /etc/shells
# $FreeBSD: src/etc/shells,v 1.5 2000/04/27 21:58:46 ache Exp $
#
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/sh
/bin/csh
/bin/tcsh
/sbin/nologin
/usr/local/bin/bash
/usr/bin/false

root@server1[~/scripts/management]# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.34 2003/04/27 05:45:29 imp Exp $
#
[[[ lots of stuff omitted for bug report, next line is line 23]]]
aexx:[omitted for bug report]:1003:1003::0:0:Aexx:/home/aexx:/sbin/nologin

test:$1$1k7RDJ9C$fqwDyAI8dBzN63sSi7Ly..:1004:1004::0:0:User &:/home/test:/sbin/nologin
/sbin/nologin
**** END CLIP ****
>How-To-Repeat:
1. Ensure that /etc/shells does not contain '/sbin/nologin'.
2. Create a user with 'adduser' whose shell is 'nologin'.
3. Delete that user.
4. Add '/sbin/nologin' to /etc/shells.
5. Repeat step 2 exactly as you did before.
6. Examine /etc/master.passwd with vipw and confirm corrupted entry.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
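
Added example, not part of the original report or of FreeBSD's tools: a read-only check that flags master.passwd lines like the stray second '/sbin/nologin' line in the session above, relying on the 10 colon-separated fields documented in master.passwd(5). The function names and the sample data are constructed for illustration, and skipping blank lines is an assumption.

```shell
#!/bin/sh
# master.passwd(5) record layout (10 fields):
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell

find_bad_passwd_lines() {
    # Reads a master.passwd-style file on stdin, prints "LINE: REASON: TEXT"
    # for each suspect line, and returns 1 if any were found.
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }   # comments and blank lines (assumed harmless)
        NF != 10 {
            printf "%d: expected 10 fields, got %d: %s\n", NR, NF, $0
            bad = 1; next
        }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "%d: non-numeric uid/gid: %s\n", NR, $0
            bad = 1; next
        }
        $10 != "" && $10 !~ /^\// {
            printf "%d: shell is not an absolute path: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    '
}

sample_master_passwd() {
    # Constructed sample modelled on the corrupted file in the report;
    # password fields are placeholders, not real hashes.
    cat <<'EOF'
# constructed sample, not a real password file
root:*:0:0::0:0:Charlie &:/root:/bin/csh
aexx:*:1003:1003::0:0:Aexx:/home/aexx:/sbin/nologin
test:*:1004:1004::0:0:User &:/home/test:/sbin/nologin
/sbin/nologin
EOF
}

# Demo run on the constructed sample.
sample_master_passwd | find_bad_passwd_lines ||
    echo "corrupt entries found; repair with vipw before rebuilding the database"
```

On a live system the same function can be fed the real file as root, for example `find_bad_passwd_lines < /etc/master.passwd`, before pwd_mkdb is run.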


