On Fri, Feb 07, 2003 at 09:43:59AM -0800, Horst wrote:
> 1) Talking about nobody -- what should be his/her shell ?
> My distro decided on /bin/sh whereas some system accounts are assigned
> to /bin/false (or true), neither giving them much power.
> I guess I could try and wait until some application using nobody
> breaks... but maybe you folks wanna spoil that sort of learning experience???
I think it depends on what nobody's doing by default, or what you do and
don't want nobody to be able to do (easily, at least).
> 2) What is the recommended entry for the 2nd field (password
> indicator) for users that can't log in (like my proxy for root mail) ?
> My guess is 'x' in passwd and '!!' in shadow -- whereas Mandrake's
> utilities decided on '*' in passwd and didn't make an entry in shadow(!?)
funk:~% uname -a
OpenBSD funk 3.2 GENERIC#0 i386
funk:~% grep nobody /etc/passwd
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
funk:~% man nologin
NOLOGIN(8)              OpenBSD System Manager's Manual             NOLOGIN(8)

NAME
     nologin - politely refuse a login

SYNOPSIS
     nologin

DESCRIPTION
     nologin displays a message that an account is not available and exits
     non-zero.  It is intended as a replacement shell field for accounts that
     have been disabled.

     If the file /etc/nologin.txt exists, nologin displays its contents to the
     user instead of the default message.

SEE ALSO
     login(1)

HISTORY
     The nologin command appeared in 4.4BSD.

OpenBSD 3.2                    February 15, 1997                             1
funk:~% file /sbin/nologin
/sbin/nologin: OpenBSD/i386 demand paged executable
funk:~% cd /usr/src/sbin/nologin
funk:/usr/src/sbin/nologin% ls
CVS Makefile nologin.8 nologin.c obj
funk:/usr/src/sbin/nologin% cat nologin.c
/* $OpenBSD: nologin.c,v 1.3 2002/07/03 22:32:33 deraadt Exp $ */
/*
 * Copyright (c) 1997, Jason Downs.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Distinctly different from _PATH_NOLOGIN. */
#define _PATH_NOLOGIN_TXT "/etc/nologin.txt"

#define DEFAULT_MESG "This account is currently not available.\n"

/*ARGSUSED*/
int main(int argc, char *argv[])
{
        int nfd, nrd;
        char nbuf[128];

        nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
        if (nfd < 0) {
                write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
                exit (1);
        }

        while ((nrd = read(nfd, nbuf, sizeof(nbuf))) > 0)
                write(STDOUT_FILENO, nbuf, nrd);
        close (nfd);

        exit (1);
}
funk:/usr/src/sbin/nologin%
> 3) HowTo? Normally I use the general tools useradd, usermod and not some
> distro-specific tools -- any comments? (other than manually editing the
> files in /etc/ -which I used to do in the past)
I like 'chsh' for changing shells, and 'vipw' with EDITOR=mg ... on
OpenBSD anyway :)
--
<[EMAIL PROTECTED]>
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
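
An added example, not part of the original message or of OpenBSD: a small audit that pairs the two controls discussed in this thread, the shell field and the password field, and lists accounts where only one of them is closed. It assumes Linux shadow-suite conventions ("x" in passwd defers to shadow); the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux shadow-suite
# conventions: "x" in passwd field 2 points at the shadow file, and a field
# starting with "!" or "*" can never match a typed password.

# classify_accounts PASSWD SHADOW: one line per account, name shell=.. pw=..
classify_accounts() {
    awk -F: '
        function pwstate(f) {
            if (f == "") return "empty"        # no password required
            if (f ~ /^[!*]/) return "locked"   # "*", "!!", "!<hash>"
            return "set"                       # a usable hash
        }
        FILENAME == ARGV[1] { shadow[$1] = $2; next }   # shadow file is read first
        /^#/ || NF < 7 { next }                         # skip comments and short lines
        {
            # An empty shell field means the default shell, so it counts as login.
            shell = ($7 ~ /\/(nologin|false|true)$/) ? "nologin" : "login"
            if ($2 != "x")         pw = pwstate($2)
            else if ($1 in shadow) pw = pwstate(shadow[$1])
            else                   pw = "noshadow"      # "x" but no shadow line
            printf "%s shell=%s pw=%s\n", $1, shell, pw
        }' "$2" "$1"
}

# half_closed PASSWD SHADOW: names of accounts where exactly one of the two
# controls (non-login shell, locked password field) is in place.
half_closed() {
    classify_accounts "$1" "$2" | awk '($2 == "shell=nologin") != ($3 == "pw=locked") { print $1 }'
}

# Constructed sample data (not real accounts or hashes).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:*:65534:65534:Nobody:/:/bin/sh
mailproxy:x:501:501:root mail:/home/mailproxy:/bin/false
ftp:x:14:14:FTP:/var/ftp:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$1$constructed$notarealhash:12000:0:99999:7:::
mailproxy:!!:12000:0:99999:7:::
ftp:$1$constructed$notarealhash:12000:0:99999:7:::
EOF
classify_accounts "$demo_dir/passwd" "$demo_dir/shadow"
half_closed "$demo_dir/passwd" "$demo_dir/shadow"
```

To audit a live system, pass /etc/passwd and /etc/shadow as the two arguments; reading the shadow file requires root.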