From evanc@synapse.net  Sun Dec 14 10:06:17 1997
Received: from piano.synapse.net (piano.synapse.net [199.84.54.22])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id KAA23814
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 14 Dec 1997 10:06:16 -0800 (PST)
          (envelope-from evanc@synapse.net)
Received: (qmail 740 invoked by uid 0); 14 Dec 1997 18:06:14 -0000
Message-Id: <19971214180614.739.qmail@piano.synapse.net>
Date: 14 Dec 1997 18:06:14 -0000
From: evanc@synapse.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: master.passwd -- /nonexistent vs. /sbin/nologin, & expansion
X-Send-Pr-Version: 3.2

>Number:         5292
>Category:       conf
>Synopsis:       master.passwd -- /nonexistent vs. /sbin/nologin, & expansion
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 14 10:10:00 PST 1997
>Closed-Date:    Sat Apr 15 05:27:38 PDT 2000
>Last-Modified:  Sat Apr 15 05:28:36 PDT 2000
>Originator:     Evan Champion
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:

	

>Description:
	4.4BSD ships with /sbin/nologin; it is designed as a shell
	for accounts that have been disabled.  FreeBSD still uses
	/nonexistent.  Not only does this not generate an appropriate
	error message to a user (most likely something like
	"/nonexistent: not found", which isn't very helpful), but what
	happens if /nonexistent actually exists...  If /sbin/nologin was
	made immutable, it would be much more secure.
	
	In addition, it still has & in root/operator.  A lot of stuff
	can't (or purposefully won't) expand the &.  I think it would
	be appropriate to replace the & by its expansion directly in
	/etc/master.passwd instead of requiring the application to
	do it.

	Finally, operator is not in group operator!  I thought someone
	had fixed this...

>How-To-Repeat:

	

>Fix:
	Here is an entire /etc/master.passwd that has been fixed.

	It might be nice if the gecos were made a little more "professional"
	-- "Mister Man Pages" is kind of cute but does not really instill
	much confidence :-)

	Also, it would be nice if the gecos were a bit more uniform.
	For example, all the default users except root are pseudousers,
	but only games and uucp have 'pseudo-user' in the gecos...
	Here are a few ideas:

	root: Superuser
	toor: Bourne-again Superuser
	daemon: System Daemons
	operator: System Operator
	bin: System Binaries and Source
	games: Games
	news: Usenet News
	man: System Manuals
	uucp: UNIX-to-UNIX Copy
	xten: X-10 Daemon
	pop: Post Office
	nobody: Unprivileged User

	And if you're really in the giving spirit :-) how about making
	root and operator have a sane shell like /bin/sh :-)

	Anyway, here it is...

root::0:0::0:0:Charlie root:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:/sbin/nologin
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System operator:/usr/guest/operator:/bin/csh
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phantom 
State-Changed-When: Sat Apr 15 05:27:38 PDT 2000 
State-Changed-Why:  
Fixed by steve at Jun/1998 
Thanks! 
>Unformatted:
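
An audit for the two conditions this report describes, as an added example that is not part of the original PR or FreeBSD's own code: it flags entries whose shell path does not exist (accounts disabled only by that path's absence) and gecos fields that still carry an unexpanded &. The sample entries, the function names and the injectable `exists` check are assumptions made for the example.

```python
import os

FIELDS = ("name", "passwd", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

# Constructed sample in master.passwd(5) layout, not copied from a real system.
SAMPLE = """\
root:CONSTRUCTED-HASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/nonexistent
operator:*:2:5::0:0:System &:/usr/guest/operator:/bin/csh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
"""

def parse(text):
    """Yield one dict per master.passwd line; skip blanks and comments."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields: {line!r}")
        yield dict(zip(FIELDS, parts))

def expand_gecos(gecos, login):
    """Replace '&' in the full-name subfield with the capitalized login name."""
    full, sep, rest = gecos.partition(",")
    return full.replace("&", login[:1].upper() + login[1:]) + sep + rest

def audit(text, exists=os.path.exists, nologin="/sbin/nologin"):
    """Return (login, finding) tuples; 'exists' is injectable for offline runs."""
    findings = []
    for e in parse(text):
        if not exists(e["shell"]):
            findings.append((e["name"], f"shell {e['shell']} does not exist; "
                             f"disabled only by absence, use {nologin}"))
        if "&" in e["gecos"].partition(",")[0]:
            findings.append((e["name"], "gecos needs expansion to "
                             + repr(expand_gecos(e["gecos"], e["name"]))))
    return findings

if __name__ == "__main__":
    for login, finding in audit(SAMPLE):
        print(f"{login}: {finding}")
```

Run against a copy of /etc/master.passwd on the host being checked so that the default `os.path.exists` test reflects that host's filesystem.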
