Date: Mon, 18 Jun 2007 16:29:22 +0800 From: LI Xin <delphij@delphij.net> To: Yar Tikhiy <yar@FreeBSD.ORG> Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib Makefile entry.c Message-ID: <46764262.1060408@delphij.net> In-Reply-To: <200706171725.l5HHPr2c092609@repoman.freebsd.org> References: <200706171725.l5HHPr2c092609@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2B829E923D7AA3DF1780CF42 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, Yar Tikhiy wrote: > yar 2007-06-17 17:25:53 UTC >=20 > FreeBSD src repository >=20 > Modified files: > etc/pam.d Makefile=20 > usr.sbin/cron/cron Makefile cron.8 cron.h database.c=20 > do_command.c=20 > usr.sbin/cron/lib Makefile entry.c=20 > Added files: > etc/pam.d cron=20 > Log: > Add PAM support to cron(8). Now cron(8) will skip commands scheduled= > by unavailable accounts, e.g., those locked, expired, not allowed in = at > the moment by nologin(5), or whatever, depending on cron's pam.conf(5= ). > This applies to personal crontabs only, /etc/crontab is unaffected. This will silently break a lot of ports, for instance mail/mailman, which creates nologin(5) users with crontab entry. Can we for now (because we are near a new release) try not disabling nologin(5) users, and discuss a better solution? A possible alternative is to make a pam_ftpusers(8) alike PAM module which is marked as "sufficient" and explicitly pass /var/cron/allow users (especially ports) to override the policy. Cheers, --=20 Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! --------------enig2B829E923D7AA3DF1780CF42 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGdkJiOfuToMruuMARCrAyAJoCpVfSb1XCUhBaUOdE9M5d8qO+bACggKJK 8JZeRLTVbaALTJUATjDfVvA= =rlbX -----END PGP SIGNATURE----- --------------enig2B829E923D7AA3DF1780CF42--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46764262.1060408>