Subject: misc/2980: /etc/security complains about daemon having a shell
To: None <gnats-bugs@gnats.netbsd.org>
From: Erik Bertelsen <erik@erik-be.uni-c.dk>
List: netbsd-bugs
Date: 11/30/1996 20:48:12
>Number:         2980
>Category:       misc
>Synopsis:       /etc/security complains about daemon having a shell
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people (Misc Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 30 11:50:05 1996
>Last-Modified:
>Originator:     Erik Bertelsen
>Organization:
	
>Release:        NetBSD-current 30 nov 1996
>Environment:
	
System: NetBSD erik-be.uni-c.dk 1.2B NetBSD 1.2B (ERIKBE) #12: Tue Nov 26 10:14:29 MET 1996 erik@erik-be.uni-c.dk:/usr/src/sys/arch/i386/compile/ERIKBE i386


>Description:
As distributed, NetBSD's /etc/security produces several kinds of output
in the mail each day that can be silenced a bit. One of the examples is the
analysis of the passwd file. Here the script will always complain about
user name daemon being off, but still having a valid shell. The fact is 
that daemon must have a valid shell, otherwise other things in the
system will break, e.g. running cron jobs.

Checking the /etc/master.passwd file:
Login daemon is off but still has a valid shell.

>How-To-Repeat:
	Run with the distributed /etc/security...
>Fix:
The patch below will remove a superfluous diagnostic message from
/etc/security:

*** security.orig	Thu Nov 28 09:49:18 1996
--- security	Fri Nov 29 11:00:10 1996
***************
*** 32,37 ****
--- 32,39 ----
  		printf("Login %s has more than 8 characters.\n", $1);
  	if ($2 == "")
  		printf("Login %s has no password.\n", $1);
+ 	if ($1 == "daemon")
+ 		next;
  	if (length($2) != 13 && $2 != "" && ($10 ~ /.*sh$/ || $10 == ""))
  		printf("Login %s is off but still has a valid shell.\n", $1);
  	if ($3 == 0 && $1 != "root" && $1 != "toor")
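Review bot: the "next" added ahead of the shell test skips every remaining check for the daemon record, not just the "is off but still has a valid shell" message. The test on the following context line, if ($3 == 0 && $1 != "root" && $1 != "toor"), and anything after it in the awk program, will no longer run for daemon, so a daemon entry whose field 3 has been changed to 0 would stop being reported. Suggest dropping the two added lines and narrowing the exemption to the one diagnostic by adding $1 != "daemon" to the condition of the shell test itself. A short comment there saying why daemon keeps a valid shell (cron jobs, per the description) would also help the next reader of /etc/security.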
>Audit-Trail:
>Unformatted: