From owner-freebsd-bugs  Sun May 24 07:25:09 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA22942
          for freebsd-bugs-outgoing; Sun, 24 May 1998 07:25:09 -0700 (PDT)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA22934
          for <freebsd-bugs@FreeBSD.org>; Sun, 24 May 1998 07:25:07 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id HAA24863;
	Sun, 24 May 1998 07:20:01 -0700 (PDT)
Received: from david.communique.no (ppp083.uio.no [129.240.240.88])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA22318
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 May 1998 07:18:16 -0700 (PDT)
          (envelope-from are@communique.no)
Received: (qmail 5380 invoked by uid 1001); 24 May 1998 00:13:35 -0000
Message-Id: <19980524001335.5379.qmail@david.communique.no>
Date: 24 May 1998 00:13:35 -0000
From: are.bryne@communique.no
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: conf/6739: Proposing a change to default '/nonexistent' passwd shell entry
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         6739
>Category:       conf
>Synopsis:       Proposing a change to default '/nonexistent' passwd shell entry
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 24 07:20:00 PDT 1998
>Last-Modified:
>Originator:     Are Bryne
>Organization:
Communique DA
>Release:        FreeBSD 2.2.6-STABLE i386
>Environment:

	FreeBSD 2.2-STABLE

>Description:

In an e-mail message Mike Smith <mike@smith.net.au> writes:
> It would (perhaps) be worthwhile adding some verbiage to the 
> description of the shell field to make it clearer that setting it to 
> refer to /sbin/nologin is the preferred technique for preventing a user 
> having any access to the system.  The current text assumes that the 
> reader already possesses this knowledge.

I ask him:
> Then perhaps the default /nonexistent 'shell' for various password file
> entries should be changed also?

The response is:
> It would probably make sense to have /sbin/nologin the default shell
> for those accounts, yes.

>How-To-Repeat:


>Fix:
	
Change all the /nonexistent entries in master.passwd to /sbin/nologin.
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message