Centos 7 remove /sbin/nologin from /etc/shell , this happens at October 30,2018, and all users, even only mail or vpn , have shell access to server. It's really nesessary, or /sbin/nologin can be added to /etc/shell? Nothing will be broken?
Share this post:
Accepted AnswerConfirmed. Bug report is here:
This will affect all 7.6 installations that were NOT previously installed with 7.5. Some 7.5 installs may be affected but all new user adds after the patch from upstream will be affected.
You can read more about the reasons why they 'fixed' this here:
Accepted AnswerI would like to push this out tomorrow and fast track it to ClearOS Business as well since it is kinda security related.
yum --enablerepo=clearos-updates-testing update app-base
BTW, this fix will NOT remove entries to the /etc/shells file but rather introduces the nologin option only on the menu. If you end up with two on your list this means that you are vulnerable to the issues discussed here and you should remove it so that your file comports. Look to see if you have an /etc/shells.rpmnew and consider replacing your /etc/shells with it.
Accepted AnswerNick HowittOffline@Dave,
Something has fallen over and koji has not pushed to the repos (there are other problems in the repos as well at the moment), so no one can test.
FWIW updates-testing on newyork1 is empty! On singapore1 it is populated with what there was before yesterday, so only app-base-2.7.1.
I have tried patching manually with weird results. The first time I patched, and the first time only, /sbin/nologin went to the bottom of the login shell list so the default was /bin/sh. Not good. I then added /usr/sbin/nologon to the list and /sbin/nologon went to the top of the list and became the default. From then, every time I changed get_list(), either /sbin/nlogon or /usr/sbin/nologon appeared at the top of the list.
As a comment, to be consistent with /etc/shells and the old list, shouldn't /usr/sbin/nologon also be added to get_list()?
array_unshift($list, "/sbin/nologin", "/usr/sbin/nologin");