From: iwj@cam-orl.co.uk (Ian Jackson) Subject: Re: Packaging Linux Date: 23 Nov 1992 13:09:00 GMT
In article <By59LB.Mqy@watserv1.uwaterloo.ca> jjlawren@garfield.uwaterloo.ca writes:
>I personally think that it is very simple to have a login for shutdown (I
>do...why not for std release?) and then tell people...."when you are done
>using the system for the day logout all users and login as shutdown...wait
>10 seconds (for the message that its ok) and then turn off the machine."
I agree. Unfortunately the version of xdm I have (and probably every
other) seems to ignore inappropriateness of a user's login shell when
deciding what to do when they log in.
If, for example, you have a user "shutdown" with a uid of 0 and no
password, xdm simply starts up an xterm with their shell (shutdown, or
whatever) in it, together with a twm. The default twm then allows
anyone to get up root shells (bash, etc.) if the shell in the xterm
doesn't complete and die immediately. I'm looking into a way of fixing
this problem and will post when I have figured it out.
I think there are various other programs that may read and
misinterpret the password file as well (ftpd?) - perhaps someone else
could comment.
In general a program shouldn't assume that a user may do arbitrary
things like transfer files, have shells, etc., unless their login
shell is in /etc/shells.
-- Ian Jackson iwj@cam-orl.co.uk ..!uknet!cam-orl!iwj These opinions are my own. Olivetti Research Ltd, Old Addenbrookes Site, Trumpington St, Cambridge, UK; Home: 35 Molewood Close, Cambridge, CB4 3SR; +44 223 327029. +44 223 343398