From owner-cvs-src@FreeBSD.ORG  Mon Jun 18 09:54:45 2007
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.ORG
Delivered-To: cvs-src@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0A0E216A468;
	Mon, 18 Jun 2007 09:54:45 +0000 (UTC)
	(envelope-from delphij@delphij.net)
Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229])
	by mx1.freebsd.org (Postfix) with ESMTP id E5F1B13C469;
	Mon, 18 Jun 2007 09:54:43 +0000 (UTC)
	(envelope-from delphij@delphij.net)
Received: from localhost (tarsier.geekcn.org [210.51.165.229])
	by tarsier.geekcn.org (Postfix) with ESMTP id AE25AEB15B3;
	Mon, 18 Jun 2007 17:54:31 +0800 (CST)
X-Virus-Scanned: amavisd-new at geekcn.org
Received: from tarsier.geekcn.org ([210.51.165.229])
	by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new,
	port 10024)
	with ESMTP id R4NKgTuzK9pC; Mon, 18 Jun 2007 17:54:29 +0800 (CST)
Received: from LI-Xins-MacBook.local (sina152-194.staff.sina.com.cn
	[61.135.152.194])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by tarsier.geekcn.org (Postfix) with ESMTP id A7267EB15B2;
	Mon, 18 Jun 2007 17:54:23 +0800 (CST)
DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns;
	h=message-id:date:from:organization:user-agent:mime-version:to:cc:
	subject:references:in-reply-to:x-enigmail-version:content-type;
	b=RDezJrRWzRDwtPDmzo1ZFEHFezJ3EMbA4SQRkn/NODadqZ7t2dMOwTXZ/S+uTxbDF
	e5SB9Tz++Mp6eO0ztLmbA==
Message-ID: <4676564E.6060105@delphij.net>
Date: Mon, 18 Jun 2007 17:54:22 +0800
From: LI Xin <delphij@delphij.net>
Organization: The FreeBSD Project
User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604)
MIME-Version: 1.0
To: Yar Tikhiy <yar@FreeBSD.ORG>
References: <200706171725.l5HHPr2c092609@repoman.freebsd.org>
	<46764262.1060408@delphij.net>
In-Reply-To: <46764262.1060408@delphij.net>
X-Enigmail-Version: 0.95.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="------------enig932DA894C74D2DB146F614C1"
Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron
 Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib
 Makefile entry.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jun 2007 09:54:45 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig932DA894C74D2DB146F614C1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

LI Xin wrote:
> Hi,
>=20
> Yar Tikhiy wrote:
>> yar         2007-06-17 17:25:53 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     etc/pam.d            Makefile=20
>>     usr.sbin/cron/cron   Makefile cron.8 cron.h database.c=20
>>                          do_command.c=20
>>     usr.sbin/cron/lib    Makefile entry.c=20
>>   Added files:
>>     etc/pam.d            cron=20
>>   Log:
>>   Add PAM support to cron(8).  Now cron(8) will skip commands schedule=
d
>>   by unavailable accounts, e.g., those locked, expired, not allowed in=
 at
>>   the moment by nologin(5), or whatever, depending on cron's pam.conf(=
5).
>>   This applies to personal crontabs only, /etc/crontab is unaffected.
>=20
> This will silently break a lot of ports, for instance mail/mailman,
> which creates nologin(5) users with crontab entry.  Can we for now
> (because we are near a new release) try not disabling nologin(5) users,=

> and discuss a better solution?
>=20
> A possible alternative is to make a pam_ftpusers(8) alike PAM module
> which is marked as "sufficient" and explicitly pass /var/cron/allow
> users (especially ports) to override the policy.

Thanks to ru@, I should have noticed that nologin(5) is different from
nologin(8) and this would not affect ports installations.

Sorry for the confusion.

Cheers,
--=20
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!


--------------enig932DA894C74D2DB146F614C1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGdlZOOfuToMruuMARCvUVAJ0ST17PuSUjhTOXWJWlxHV9FqCaHQCeP46d
IPPVp3O5ul1/lo7tDd3dqOg=
=wLG8
-----END PGP SIGNATURE-----

--------------enig932DA894C74D2DB146F614C1--