On Fri, Feb 07, 2003 at 09:43:59AM -0800, Horst wrote:
> 1) Talking about nobody -- what should be his/her shell ?
> My distro decided on /bin/sh whereas some system accounts are assigned
> to /bin/false (or true), neither giving them much power.
> I guess I could try and wait until some application using nobody
> breaks... but maybe you folks wanna spoil that sort of learning experience???

I think it depends on what nobody's doing by default, or what you do and
don't want nobody to be able to do (easily, at least).

> 2) What is the recommended entry for the 2nd field (password
> indicator) for users that can't log in (like my proxy for root mail) ?
> My guess is 'x' in passwd and '!!' in shadow -- whereas Mandrake's
> utilities decided on '*' in passwd and didn't make an entry in shadow(!?)

funk:~% uname -a
OpenBSD funk 3.2 GENERIC#0 i386
funk:~% grep nobody /etc/passwd
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
funk:~% man nologin
NOLOGIN(8)              OpenBSD System Manager's Manual             NOLOGIN(8)

NAME
     nologin - politely refuse a login

SYNOPSIS
     nologin

DESCRIPTION
     nologin displays a message that an account is not available and exits
     non-zero.  It is intended as a replacement shell field for accounts that
     have been disabled.

     If the file /etc/nologin.txt exists, nologin displays its contents to the
     user instead of the default message.

SEE ALSO
     login(1)

HISTORY
     The nologin command appeared in 4.4BSD.

OpenBSD 3.2                    February 15, 1997                             1
funk:~% file /sbin/nologin
/sbin/nologin: OpenBSD/i386 demand paged executable
funk:~% cd /usr/src/sbin/nologin
funk:/usr/src/sbin/nologin% ls
CVS        Makefile   nologin.8  nologin.c  obj
funk:/usr/src/sbin/nologin% cat nologin.c
/*      $OpenBSD: nologin.c,v 1.3 2002/07/03 22:32:33 deraadt Exp $     */

/*
 * Copyright (c) 1997, Jason Downs.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Distinctly different from _PATH_NOLOGIN. */
#define _PATH_NOLOGIN_TXT       "/etc/nologin.txt"

#define DEFAULT_MESG    "This account is currently not available.\n"

/*ARGSUSED*/
int main(int argc, char *argv[])
{
        int nfd, nrd;
        char nbuf[128];

        nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
        if (nfd < 0) {
                write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
                exit (1);
        }

        while ((nrd = read(nfd, nbuf, sizeof(nbuf))) > 0)
                write(STDOUT_FILENO, nbuf, nrd);
        close (nfd);

        exit (1);
}
funk:/usr/src/sbin/nologin%

> 3) HowTo? Normally I use the general tools useradd, usermod and not some
> distro-specific tools -- any comments? (other than manually editing the
> files in /etc/ -which I used to do in the past)

I like 'chsh' for changing shells, and 'vipw' with EDITOR=mg ... on
OpenBSD anyway :)

-- 
<[EMAIL PROTECTED]>
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
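
Added example, not part of the original message: a small audit of the two fields discussed in this thread (the password indicator and the shell) for accounts that are not meant to log in. It assumes a Linux-style passwd/shadow pair; the shell list, the uid_min cutoff and the sample entries are constructed for illustration.

```python
# Shells that refuse a session; the exact paths are an assumption and vary by system.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

def password_state(pw_field, shadow_field):
    """Classify the password indicator, following 'x' into the shadow entry."""
    field = pw_field
    if pw_field == "x":
        if shadow_field is None:
            return "missing-shadow"   # 'x' points at shadow, but no entry exists
        field = shadow_field
    if field == "":
        return "empty"                # no password needed at all
    if field[0] in "*!":
        return "locked"               # '*', '!' and '!!' cannot be a crypt(3) hash
    return "hash"

def audit(passwd_text, shadow_text="", uid_min=1000):
    """Return sorted (account, problem) pairs; uid_min is a site-specific assumption."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue                  # skip blank, comment and malformed lines
        name, pw, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        state = password_state(pw, shadow.get(name))
        if state == "empty":
            findings.append((name, "empty password"))
        if 0 < uid < uid_min or name == "nobody":   # treated as a service account
            if state in ("hash", "missing-shadow"):
                findings.append((name, "password state: " + state))
            if shell not in NOLOGIN_SHELLS:
                findings.append((name, "login shell " + (shell or "(default)")))
    return sorted(findings)

# Constructed sample entries (not taken from any real system).
PASSWD = """\
nobody:x:65534:65534:Nobody:/:/bin/sh
rootmail:*:501:501:root mail proxy:/var/empty:/bin/false
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
"""
SHADOW = """\
nobody:!!:12000::::::
daemon::12000::::::
"""
if __name__ == "__main__":
    print(audit(PASSWD, SHADOW))
```
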