[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1055076: glibc: wrong _PATH_NOLOGIN in paths.h

Woops! I didn't know that. Thanks for the explanation :)

-- 
  Olivier Duclos

On Tue, Oct 31, 2023, at 20:02, Aurelien Jarno wrote:
> Hi,
>
> On 2023-10-30 22:17, Olivier Duclos wrote:
>> Package: libc6-dev
>> Source: glibc
>> Version: 2.38-3
>> Severity: normal
>> 
>> In /usr/include/paths.h at line 56 we have:
>> 
>>   #define _PATH_NOLOGIN   "/etc/nologin"
>> 
>> This path is incorrect and should be replaced by "/usr/sbin/nologin".
>
> I think you are missing two different things:
> - The /etc/nologin file that prevent non-root users to log on a
>   machine if it exists.
> - The nologin shell that can be used in /etc/passwd to prevent the
>   corresponding users to login.
>
> Changing _PATH_NOLOGIN to "/usr/sbin/nologin", as you suggest, might
> prevent users to log on there system once packages are rebuild against
> the changed paths.h as this binary is provided by an essential package
> present on all systems. "might" because pam does not use the glibc
> paths.h and hard codes the path instead. But OpenSSH seems to use it.
>
> Regards
> Aurelien
>
> -- 
> Aurelien Jarno                          GPG: 4096R/1DDD8C9B
> aurelien@aurel32.net                     http://aurel32.net
Reply to: