On May 12, 2016, at 3:36 PM, Yaakov Selkowitz <yselkow...@cygwin.com> wrote: > > What are the consequences of having shells listed in /etc/shells which aren't > on the system?
That file is a security feature, but the typical way Cygwin works — i.e. that normal users are allowed to install software, modify /etc/*, and so forth — nullifies its value. But, if you do somehow lock down /etc/shells so that normal users can’t write to it, you’re also presumably locking down /bin, so a malicious user couldn’t drop in a bogus /bin/fish file and convince other software to run it as a shell. Too bad there is no /etc/shells.d. Then non-Base shells could just add themselves there.