From howardjp@byzantine.student.umd.edu  Fri Jul  7 09:20:22 2000
Return-Path: <howardjp@byzantine.student.umd.edu>
Received: from byzantine.student.umd.edu (byzantine.student.umd.edu [129.2.228.41])
	by hub.freebsd.org (Postfix) with ESMTP id 046F837B5C7
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  7 Jul 2000 09:20:21 -0700 (PDT)
	(envelope-from howardjp@byzantine.student.umd.edu)
Received: (from howardjp@localhost)
	by byzantine.student.umd.edu (8.9.3/8.9.3) id MAA77327;
	Fri, 7 Jul 2000 12:20:20 -0400 (EDT)
	(envelope-from howardjp)
Message-Id: <200007071620.MAA77327@byzantine.student.umd.edu>
Date: Fri, 7 Jul 2000 12:20:20 -0400 (EDT)
From: James Howard <howardjp@byzantine.student.umd.edu>
Reply-To: howardjp@byzantine.student.umd.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: nologin not configurable
X-Send-Pr-Version: 3.2

>Number:         19755
>Category:       bin
>Synopsis:       nologin not configurable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 07 09:30:01 PDT 2000
>Closed-Date:    Tue Jan 15 10:56:58 PST 2002
>Last-Modified:  Tue Jan 15 10:57:37 PST 2002
>Originator:     James Howard
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Arbornet.org
>Environment:

FreeBSD 5

>Description:

I wanted to displaya specific text message when a specific user logs in
using nologin.8.  But nologin only has a certain static message.  So I
modified it to fix the problem :)

>How-To-Repeat:

N/A

>Fix:

diff -u nologin.orig/nologin.8 nologin/nologin.8
--- nologin.orig/nologin.8	Thu Jul  6 22:58:19 2000
+++ nologin/nologin.8	Thu Jul  6 22:58:00 2000
@@ -46,6 +46,23 @@
 exits non-zero.
 It is intended as a replacement shell field for accounts that
 have been disabled.
+.Pp
+.Nm Nologin
+first looks in the user's home directory for 
+.Pa ~/.nologin
+and displays its contents before exiting.  If that file does
+not exist or is not readable, 
+.Nm 
+will look in
+.Pa /etc/nologin
+for the message.  Finally, if no suitable message is found, the
+text "This account is currently not available." is displayed.
+.Sh FILES
+.Bl -tag -width /etc/nologin -compact
+.It Pa ~/.nologin
+User specific warning message
+.It Pa /etc/nologin
+System wide warning message
 .Sh SEE ALSO
 .Xr login 1 ,
 .Xr nologin 5 .
diff -u nologin.orig/nologin.sh nologin/nologin.sh
--- nologin.orig/nologin.sh	Thu Jul  6 22:58:19 2000
+++ nologin/nologin.sh	Thu Jul  6 22:53:20 2000
@@ -35,5 +35,12 @@
 # $FreeBSD: src/sbin/nologin/nologin.sh,v 1.4 1999/08/28 00:13:57 peter Exp $
 #
 
-echo 'This account is currently not available.'
+if [ -r ~/.nologin ]; then
+    cat ~/.nologin
+elif [ -r /etc/nologin ]; then
+    cat /etc/nlogin
+else
+    echo 'This account is currently not available.'
+fi
+
 exit 1

>Release-Note:
>Audit-Trail:

From: Kelly Yancey <kbyanc@posi.net>
To: James Howard <howardjp@byzantine.student.umd.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/19755: nologin not configurable
Date: Fri, 7 Jul 2000 23:14:31 -0700 (PDT)

 On Fri, 7 Jul 2000, James Howard wrote:
 
 > >Description:
 > 
 > I wanted to displaya specific text message when a specific user logs in
 > using nologin.8.  But nologin only has a certain static message.  So I
 > modified it to fix the problem :)
 > 
 
   man 5 nologin
 
 --
 Kelly Yancey  -  kbyanc@posi.net  -  Belmont, CA
 System Administrator, eGroups.com                  http://www.egroups.com/
 Maintainer, BSD Driver Database       http://www.posi.net/freebsd/drivers/
 Coordinator, Team FreeBSD        http://www.posi.net/freebsd/Team-FreeBSD/
 
 
 

From: James Howard <howardjp@wam.umd.edu>
To: Kelly Yancey <kbyanc@posi.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/19755: nologin not configurable
Date: Sat, 8 Jul 2000 11:57:42 -0400 (EDT)

 On Fri, 7 Jul 2000, Kelly Yancey wrote:
 
 > On Fri, 7 Jul 2000, James Howard wrote:
 >
 > > I wanted to displaya specific text message when a specific user logs in
 > > using nologin.8.  But nologin only has a certain static message.  So I
 > > modified it to fix the problem :)
 > > 
 >
 >   man 5 nologin
 
 But this does not permit me to customize the message for each user.  It
 also globally disables logins.
 
 To put it simply, we have temporarily disabled new account creation (done
 through an automatic script) and wish to display (securely) a message
 saying so.  To try this out, telnet to m-net.arbornet.org and login as
 newuser (no password).  If you login as me (a staff account), you are 
 are granted access.  If you login as someone who is non-staff, you are
 given another message entirely.
 
 Jamie
 
 
 

From: "Yar Tikhiy" <yar@comp.chem.msu.su>
To: <freebsd-gnats-submit@FreeBSD.org>,
	<howardjp@byzantine.student.umd.edu>
Cc:  
Subject: Re: bin/19755: nologin not configurable
Date: Thu, 11 Oct 2001 19:41:11 +0400

 First, your solution is by no means secure. Think what would happen
 if a user linked its ~/.nologin to /etc/master.passwd.
 
 Second, have you ever heard of term "creeping featurism"?
 See http://www.tuxedo.org/~esr/jargon/html/entry/creeping-featurism.html
 Sorry, but a standard operating system distribution doesn't need to meet
 your every whim. There are administration tasks that are specific to your
 site,
 that you have to do by yourself.
 
 Please also take a look at login.access(5).
 
State-Changed-From-To: open->closed 
State-Changed-By: ashp 
State-Changed-When: Tue Jan 15 10:56:58 PST 2002 
State-Changed-Why:  
This isn't a bug, and is a dangerous feature, due to security problems.  There 
are other ways to handle this, and this type of task should be done on a site 
only basis, not rolled into FreeBSD. 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19755 
>Unformatted:
