[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1055076: glibc: wrong _PATH_NOLOGIN in paths.h

Hi,

On 2023-10-30 22:17, Olivier Duclos wrote:
> Package: libc6-dev
> Source: glibc
> Version: 2.38-3
> Severity: normal
> 
> In /usr/include/paths.h at line 56 we have:
> 
>   #define _PATH_NOLOGIN   "/etc/nologin"
> 
> This path is incorrect and should be replaced by "/usr/sbin/nologin".

I think you are missing two different things:
- The /etc/nologin file that prevent non-root users to log on a
  machine if it exists.
- The nologin shell that can be used in /etc/passwd to prevent the
  corresponding users to login.

Changing _PATH_NOLOGIN to "/usr/sbin/nologin", as you suggest, might
prevent users to log on there system once packages are rebuild against
the changed paths.h as this binary is provided by an essential package
present on all systems. "might" because pam does not use the glibc
paths.h and hard codes the path instead. But OpenSSH seems to use it.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net
Reply to: