Date: Thu, 17 Aug 1995 06:46:58 -0700 From: Faried Nawaz <fn@pain.csrv.uidaho.edu> To: kelly@fsl.noaa.gov (Sean Kelly) Cc: terry@vector.eikon.e-technik.tu-muenchen.de, security@freebsd.org Subject: Re: Login hole Message-ID: <199508171346.GAA22209@pain.csrv.uidaho.edu> In-Reply-To: Your message of "Thu, 17 Aug 1995 07:14:13 MDT." <9508171314.AA03564@emu.fsl.noaa.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
Sean Kelly wrote...
>>>>> "Terry" == Terry Carroll <terry@vector.eikon.e-technik.tu-muenchen.de>
writes:
Terry> Login with no home directory should be denied for normal
Terry> user. Should not drop one into /.
edit /usr/src/usr.bin/login/login.c and play with lines 349-354.
I realize precedent isn't necessarily a good reason for inaction, but
on every SysV and BSD system I've used, no login directory leaves you
in /. Some of my users find this behavior convenient ... if the NFS
server for their home directories is down, they can still read mail.
i believe hp-ux 9.x doesn't let you on if you have no ~. i think that
happens only if your passwd entry is managed by nis, though.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508171346.GAA22209>