Date: Sun, 28 Jan 2001 22:19:29 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: current@FreeBSD.org, "Steve O'Hara-Smith" <steveo@eircom.net>, "Jacques A. Vidrine" <n@nectar.com>
Subject: Re: /etc/shells #include syntax support patch
Message-ID: <XFMail.010128221929.jhb@FreeBSD.org>
In-Reply-To: <200101290453.f0T4roq13148@whizzo.transsys.com>

On 29-Jan-01 Louis A. Mamakos wrote:
>> On Sun, Jan 28, 2001 at 10:13:49AM +0100, Steve O'Hara-Smith wrote:
>> > Hi,
>> >
>> > Asbestos suit on, round two.
>> >
>> > The patch below changes getusershell to support a #include syntax
>> > in /etc/shells.
>>
>> I guess this is what I object to. I don't particularly like having a
>> new directive in a configuration file which lots of applications read
>> directly.
>>
>> I would rather that a separate configuration file be read, for example,
>> with a list of shells(5) format files to consult.
>>
>> In current, this could be an optional thing, activated in nsswitch.conf,
>> e.g. make a ports source for shells, and activate it with:
>>      shells: files ports
>>
>> or whatever you would like to call the source.
>
> Does this capability really need to exist (e.g., supporting many files)? It
> would seem like the additional complexity would be not what you want for
> what's essentially a security policy mechanism. Who gets to own these
> included files? What should their permissions be allowed to be?
>
> It doesn't seem unreasonable to have a single file with a list of allowable
> shells.
>
> Is this #include capability going to be added for other files that ports
> modify such as /etc/master.passwd and /etc/group?
>
> I dunno; maybe it's just me, but this really seems like a solution way out
> of proportion to the "problem"

People whine about the problem though, so having no solution doesn't help
either. Since #include is syntactically a comment, it shouldn't mess up other
programs, though the idea is that they will all use the API in libc and not be
reading the file themselves. However, I do think that doing it through
nsswitch might be the best solution.

> louie

--
John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/