Subject: Re: Security problem with pkgsrc/mail/majordomo
To: Brook Milligan <brook@biology.nmsu.edu>
From: Paul Hoffman <phoffman@proper.com>
List: tech-pkg
Date: 03/04/2000 09:42:04
>Presumably, you are suggesting additions to the addnerd command.
>Perhaps a quick discussion of the options is appropriate. I see the
>following possibilities:
>
>1. -s /sbin/nologin; no -p option or -p *; warn that the user may wish
> to change this via vipw/passwd
>
>2. -s $MAJORDOMO_SHELL (default /bin/sh); -p *; similar warning
>
>Any comments on which is preferable or ideas on other options?
I think either no -p option or -p *, followed by a warning, is fine. I do
*not* think that the default shell should be anything other than
/sbin/nologin, even if -p * is specified. If someone is going to take the
unlikely step of allowing someone to log in as majordom, they can make the
shell change in vipw.