Bug 19755

Summary: nologin not configurable
Product: Base System Reporter: James howard <howardjp>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description James howard 2000-07-07 17:30:01 UTC 
I wanted to displaya specific text message when a specific user logs in
using nologin.8.  But nologin only has a certain static message.  So I
modified it to fix the problem :)

How-To-Repeat: 
N/A
Comment 1 kbyanc 2000-07-08 07:14:31 UTC 
On Fri, 7 Jul 2000, James Howard wrote:

> >Description:
> 
> I wanted to displaya specific text message when a specific user logs in
> using nologin.8.  But nologin only has a certain static message.  So I
> modified it to fix the problem :)
> 

  man 5 nologin

--
Kelly Yancey  -  kbyanc@posi.net  -  Belmont, CA
System Administrator, eGroups.com                  http://www.egroups.com/
Maintainer, BSD Driver Database       http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD        http://www.posi.net/freebsd/Team-FreeBSD/
Comment 2 howardjp 2000-07-08 16:57:42 UTC 
On Fri, 7 Jul 2000, Kelly Yancey wrote:

> On Fri, 7 Jul 2000, James Howard wrote:
>
> > I wanted to displaya specific text message when a specific user logs in
> > using nologin.8.  But nologin only has a certain static message.  So I
> > modified it to fix the problem :)
> > 
>
>   man 5 nologin

But this does not permit me to customize the message for each user.  It
also globally disables logins.

To put it simply, we have temporarily disabled new account creation (done
through an automatic script) and wish to display (securely) a message
saying so.  To try this out, telnet to m-net.arbornet.org and login as
newuser (no password).  If you login as me (a staff account), you are 
are granted access.  If you login as someone who is non-staff, you are
given another message entirely.

Jamie
Comment 3 Yar Tikhiy 2001-10-11 16:41:11 UTC 
First, your solution is by no means secure. Think what would happen
if a user linked its ~/.nologin to /etc/master.passwd.

Second, have you ever heard of term "creeping featurism"?
See http://www.tuxedo.org/~esr/jargon/html/entry/creeping-featurism.html
Sorry, but a standard operating system distribution doesn't need to meet
your every whim. There are administration tasks that are specific to your
site,
that you have to do by yourself.

Please also take a look at login.access(5).
Comment 4 ashp freebsd_committer freebsd_triage 2002-01-15 18:56:58 UTC 
State Changed
From-To: open->closed

This isn't a bug, and is a dangerous feature, due to security problems.  There 
are other ways to handle this, and this type of task should be done on a site 
only basis, not rolled into FreeBSD.