Date:      Fri, 22 Aug 2014 02:05:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 28223] su(1) doesn't look at login.conf all the time
Message-ID:  <bug-28223-8-7GNhAZ3eb6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-28223-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-28223-8@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=28223

--- Comment #7 from ta0kira@gmail.com ---
This can be handled with "nologin" in login.conf, without needing to modify
su(1) (in 10.0-RELEASE, anyway.) On the other hand, it might be useful for su
to check "shell" for the login class, since it doesn't do so even with -l. So,
rather than it being used for login enforcement, I think it should be taken
into account only if -l is used, with login enforcement attained via other
means.

As far as I can tell, "shell" has no special meaning (see login_cap(3); it's
not mentioned anywhere), other than that login.access(5) mentions it, i.e.,
it's up to individual programs to check for "shell". It looks like login(1) and
sshd(8) are the only base components that do anything with "shell". It seems
that in general it's not actually supported, and it therefore probably
shouldn't be relied on for things like login enforcement.

-- 
You are receiving this mail because:
You are the assignee for the bug.
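
An added example, not part of the original message or of FreeBSD's code: a Python audit of login.conf text that lists login classes which set "shell" but not "nologin", that is, classes that may be relying on the capability the comment says su(1) does not check. The sample file, class names and paths are constructed, and the parser assumes only the subset of the format shown (backslash continuations, `tc=`, `cap@`, `|` aliases).

```python
import re

# Constructed sample in login.conf(5) syntax; class names and paths are made up.
SAMPLE = r"""
default:\
    :path=/sbin /bin /usr/sbin /usr/bin:
restricted:\
    :shell=/usr/local/bin/menu:\
    :tc=default:
locked:\
    :nologin=/var/run/nologin.locked:\
    :shell=/usr/sbin/nologin:\
    :tc=default:
"""

def parse(text):
    """Return {class: {capability: value}}; tc= inheritance is not resolved here."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    folded = re.sub(r"\\\n\s*", "", "\n".join(lines))  # join backslash continuations
    classes = {}
    for record in folded.splitlines():
        names, *fields = record.split(":")
        caps = {}
        for field in filter(None, (f.strip() for f in fields)):
            key, _, value = field.partition("=")
            if key.endswith("@"):            # "cap@" cancels an inherited capability
                key, value = key[:-1], None
            caps.setdefault(key, value)      # first occurrence wins
        for name in names.split("|"):        # "a|b" declares aliases for one record
            classes[name.strip()] = caps
    return classes

def resolve(classes, name, seen=()):
    """Merge tc= parents into a class; the class's own entries take precedence."""
    caps = dict(classes.get(name, {}))
    parent, chain = caps.pop("tc", None), seen + (name,)
    if parent and parent not in chain:       # ignore inheritance loops
        for key, value in resolve(classes, parent, chain).items():
            caps.setdefault(key, value)
    return caps

def audit(text):
    """List (class, shell) pairs where "shell" is set and "nologin" is not."""
    classes = parse(text)
    effective = {name: resolve(classes, name) for name in classes}
    return [(n, c["shell"]) for n, c in effective.items()
            if c.get("shell") is not None and c.get("nologin") is None]

if __name__ == "__main__":
    for name, shell in audit(SAMPLE):
        print(f"{name}: shell={shell} without nologin; per the comment, su(1) ignores shell")
```

The audit only checks that "nologin" is configured for the class; it does not test whether the named file exists on disk.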
