Date:      14 Dec 1997 18:06:14 -0000
From:      evanc@synapse.net
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   conf/5292: master.passwd -- /nonexistent vs. /sbin/nologin, & expansion
Message-ID:  <19971214180614.739.qmail@piano.synapse.net>
Resent-Message-ID: <199712141810.KAA24143@hub.freebsd.org>



>Number:         5292
>Category:       conf
>Synopsis:       master.passwd -- /nonexistent vs. /sbin/nologin, & expansion
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 14 10:10:00 PST 1997
>Last-Modified:
>Originator:     Evan Champion
>Organization:
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

	

>Description:
	4.4BSD ships with /sbin/nologin; it is designed as a shell
	for accounts that have been disabled.  FreeBSD still uses
	/nonexistent.  Not only does this not generate an appropriate
	error message to a user (most likely something like
	"/nonexistent: not found", which isn't very helpful), but what
	happens if /nonexistent actually exists...  If /sbin/nologin was
	made immutable, it would be much more secure.
	
	In addition, it still has & in root/operator.  A lot of stuff
	can't (or purposefully won't) expand the &.  I think it would
	be appropriate to replace the & by its expansion directly in
	/etc/master.passwd instead of requiring the application to
	do it.

	Finally, operator is not in group operator!  I thought someone
	had fixed this...

>How-To-Repeat:

	

>Fix:
	Here is an entire /etc/master.passwd that has been fixed.

	It might be nice if the gecos were made a little more "professional"
	-- "Mister Man Pages" is kind of cute but does not really instill
	much confidence :-)

	Also, it would be nice if the gecos were a bit more uniform.
	For example, all the default users except root are pseudousers,
	but only games and uucp have 'pseudo-user' in the gecos...
	Here are a few ideas:

	root: Superuser
	toor: Bourne-again Superuser
	daemon: System Daemons
	operator: System Operator
	bin: System Binaries and Source
	games: Games
	news: Usenet News
	man: System Manuals
	uucp: UNIX-to-UNIX Copy
	xten: X-10 Daemon
	pop: Post Office
	nobody: Unprivileged User

	And if you're really in the giving spirit :-) how about making
	root and operator have a sane shell like /bin/sh :-)

	Anyway, here it is...

root::0:0::0:0:Charlie root:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:/sbin/nologin
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System operator:/usr/guest/operator:/bin/csh
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin

>Audit-Trail:
>Unformatted:
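
Added example, not part of the original report and not FreeBSD code: a small Python audit that flags the three conditions the report describes (a /nonexistent login shell, an unexpanded & in the gecos field, operator outside group operator). The sample "before" lines are constructed, and gid 5 for group operator is an assumption taken from the fixed file above.

```python
"""Audit master.passwd entries for the three issues raised in this report."""

FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

# Constructed sample of a "before" file; not copied from any release.
SAMPLE = """\
root::0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/nonexistent
operator:*:2:20::0:0:System &:/usr/guest/operator:/bin/csh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
"""

# Assumption: gid 5 is group operator, as in the fixed file in the report.
EXPECTED_GID = {"operator": 5}


def parse(text):
    """Yield one dict per entry, skipping blank lines and comments."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 10 fields, got {len(parts)}")
        yield dict(zip(FIELDS, parts))


def audit(text, expected_gid=EXPECTED_GID, placeholder="/nonexistent"):
    """Return sorted (account, finding) pairs."""
    findings = []
    for e in parse(text):
        # Only the shell field is checked; a /nonexistent home is left alone.
        if e["shell"] == placeholder:
            findings.append((e["name"], "shell is a placeholder path; use /sbin/nologin"))
        if "&" in e["gecos"]:
            findings.append((e["name"], "gecos has unexpanded &"))
        want = expected_gid.get(e["name"])
        if want is not None and int(e["gid"]) != want:
            findings.append((e["name"], f"primary gid {e['gid']}, expected {want}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```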

