Alan: >>> The reason I ask is because the GNOME users and groups tool gets this >>> wrong on Solaris. It correctly hides by default all those accounts with >>> a uid< 100 but it doesn't hide the other reserved system accounts: >>> >>> nobody:x:60001:60001:NFS Anonymous Access User:/: >>> noaccess:x:60002:60002:No Access User:/: >>> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: >> >> Since these users do not have valid shells specified, these would not >> be shown. > > A blank entry in the shell field indicates the system default shell should > be used - on Solaris& OpenSolaris, that's "/bin/sh", which is a valid > shell. If you're skipping those because they're blank do you also skip > non-system accounts using that shorthand?
Correct. The way the code works is that it calls fgetpwent() and if /etc/passwd contains no value, then that account does not show up in the Face Browser. So, users would need to avoid using the shorthand if they want the user to show up in the GDM Face Browser. If that is inappropriate, then we could change the logic to work a different way. Note that the checking of what users are valid or not is done by the GDM greeter which runs as the "gdm" user, so it does not have the ability to read /etc/shadow directly. > (How do you determine which shells are valid? getusershell(3c) ?) Correct. Though the code also checks for "/sbin/nologin" and "/bin/false" and considers those invalid shells even if getusershell reports them. Brian
