Date: Sun, 28 Jan 2001 22:19:29 -0800 (PST)
From: John Baldwin
To: "Louis A. Mamakos"
Subject: Re: /etc/shells #include syntax support patch
Cc: current@FreeBSD.org, "Steve O'Hara-Smith", "Jacques A. Vidrine"
In-Reply-To: <200101290453.f0T4roq13148@whizzo.transsys.com>

On 29-Jan-01 Louis A. Mamakos wrote:
>> On Sun, Jan 28, 2001 at 10:13:49AM +0100, Steve O'Hara-Smith wrote:
>> > Hi,
>> >
>> > Asbestos suit on, round two.
>> >
>> > The patch below changes getusershell to support a #include syntax
>> > in /etc/shells.
>>
>> I guess this is what I object to. I don't particularly like having a
>> new directive in a configuration file which lots of applications read
>> directly.
>>
>> I would rather that a separate configuration file be read, for example,
>> with a list of shells(5) format files to consult.
>>
>> In current, this could be an optional thing, activated in nsswitch.conf,
>> e.g. make a ports source for shells, and activate it with:
>>     shells: files ports
>>
>> or whatever you would like to call the source.
>
> Does this capability really need to exist (e.g., supporting many files)? It
> would seem like the additional complexity would be not what you want for what's
> essentially a security policy mechanism. Who gets to own these included files?
> What should their permissions be allowed to be?
>
> It doesn't seem unreasonable to have a single file with a list of allowable
> shells.
>
> Is this #include capability going to be added for other files that ports
> modify such as /etc/master.passwd and /etc/group?
>
> I dunno; maybe it's just me, but this really seems like a solution way out
> of proportion to the "problem"

People whine about the problem though, so having no solution doesn't help
either. Since #include is syntactically a comment, it shouldn't mess up other
programs, though the idea is that they will all use the API in libc and not be
reading the file themselves. However, I do think that doing it through nsswitch
might be the best solution.

> louie

-- 
John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
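
An added example, not the patch under discussion and not FreeBSD's code: it shows why a reader that treats '#' as a comment never sees the directive, and one way an include-aware reader could answer the ownership and permission questions raised in the thread. The directive form "#include <path>", the trust policy, and the names trusted, count_shells and demo are assumptions made for illustration; the sample files are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy: regular file, owned by `owner`, no group/other write bit. */
static int trusted(FILE *fp, uid_t owner) {
    struct stat st;
    return fstat(fileno(fp), &st) == 0 && S_ISREG(st.st_mode) &&
           st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* follow=1 also honours "#include <path>" (assumed form); else '#' = comment. */
static int count_shells(FILE *fp, int follow, uid_t owner) {
    char line[1024];
    int n = 0;
    while (fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\n")] = '\0';
        if (follow && strncmp(line, "#include ", 9) == 0) {
            FILE *inc = fopen(line + 9, "r");
            if (inc != NULL && trusted(inc, owner)) /* check the opened file */
                n += count_shells(inc, 0, owner);   /* no nested includes */
            if (inc != NULL) fclose(inc);
        } else if (line[strspn(line, " \t")] == '/') {
            n++;                                    /* entries start with '/' */
        }
    }
    return n;
}

/* Constructed sample: two shells plus an include of a one-shell file. */
static int demo(int follow, mode_t inc_mode) {
    char dir[] = "/tmp/shellsXXXXXX", inc[64], top[64];
    FILE *f;
    int n = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(inc, sizeof inc, "%s/inc", dir);
    snprintf(top, sizeof top, "%s/shells", dir);
    if ((f = fopen(inc, "w")) != NULL) { fputs("/usr/local/bin/bash\n", f); fclose(f); }
    chmod(inc, inc_mode);
    if ((f = fopen(top, "w")) != NULL) { fprintf(f, "/bin/sh\n/bin/csh\n#include %s\n", inc); fclose(f); }
    if ((f = fopen(top, "r")) != NULL) { n = count_shells(f, follow, getuid()); fclose(f); }
    unlink(inc); unlink(top); rmdir(dir);
    return n;
}
int main(void) {
    printf("%d %d %d\n", demo(0, 0644), demo(1, 0644), demo(1, 0666));
}
```

The demo trusts the invoking user's uid so that it runs unprivileged; a policy for the real /etc/shells would pin the owner to root.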