* Where is /bin/nologin
@ 2011-10-13 18:37 gwodus
2011-10-13 21:20 ` David Sastre
0 siblings, 1 reply; 9+ messages in thread
From: gwodus @ 2011-10-13 18:37 UTC (permalink / raw)
To: cygwin
I am missing /bin/nologin.
I need to disable shell access for a user. But it still needs to be able to
accept ssh connects for tunnel only for that user (ssh -N ...).
On Linux I would set the login shell in /etc/passed to /sbin/nologin. But I
can't find it on cygwin.
Is there a certain cygwin package I need to install?
Thanks in advance,
gwodus.
--
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32647652.html
Sent from the Cygwin list mailing list archive at Nabble.com.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-13 18:37 Where is /bin/nologin gwodus
@ 2011-10-13 21:20 ` David Sastre
2011-10-13 22:45 ` gwodus
0 siblings, 1 reply; 9+ messages in thread
From: David Sastre @ 2011-10-13 21:20 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 577 bytes --]
On Thu, Oct 13, 2011 at 11:37:19AM -0700, gwodus wrote:
>
> I am missing /bin/nologin.
>
> I need to disable shell access for a user. But it still needs to be able to
> accept ssh connects for tunnel only for that user (ssh -N ...).
>
> On Linux I would set the login shell in /etc/passed to /sbin/nologin. But I
> can't find it on cygwin.
>
> Is there a certain cygwin package I need to install?
>
> Thanks in advance,
> gwodus.
Does /bin/false serve that purpose?
--
Huella de clave primaria: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 230 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-13 21:20 ` David Sastre
@ 2011-10-13 22:45 ` gwodus
2011-10-14 8:33 ` Corinna Vinschen
0 siblings, 1 reply; 9+ messages in thread
From: gwodus @ 2011-10-13 22:45 UTC (permalink / raw)
To: cygwin
Dawud Medina wrote:
>
> Does /bin/false serve that purpose?
>
> --
> Huella de clave primaria: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299
> EC56
>
Of course!!! Thanks a lot. That's what I was looking for. Thanks.
--
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32649084.html
Sent from the Cygwin list mailing list archive at Nabble.com.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-13 22:45 ` gwodus
@ 2011-10-14 8:33 ` Corinna Vinschen
2011-10-14 10:05 ` Andrey Repin
0 siblings, 1 reply; 9+ messages in thread
From: Corinna Vinschen @ 2011-10-14 8:33 UTC (permalink / raw)
To: cygwin
On Oct 13 15:44, gwodus wrote:
>
>
> Dawud Medina wrote:
> >
> > Does /bin/false serve that purpose?
> >
> > --
> > Huella de clave primaria: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299
> > EC56
> >
>
> Of course!!! Thanks a lot. That's what I was looking for. Thanks.
Or what about creating your own /sbin/nologin, something like this:
$ cat > /sbin/nologin <<EOF
#!/bin/sh
if [ -f /etc/nologin.txt ]
then
cat /etc/nologin.txt
else
echo "This account is currently not available."
fi
exit 0
EOF
$ chmod +x /sbin/nologin
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-14 8:33 ` Corinna Vinschen
@ 2011-10-14 10:05 ` Andrey Repin
2011-10-14 11:56 ` Corinna Vinschen
0 siblings, 1 reply; 9+ messages in thread
From: Andrey Repin @ 2011-10-14 10:05 UTC (permalink / raw)
To: Corinna Vinschen
Greetings, Corinna Vinschen!
> Or what about creating your own /sbin/nologin, something like this:
> $ cat > /sbin/nologin <<EOF
> #!/bin/sh
> if [ -f /etc/nologin.txt ]
> then
> cat /etc/nologin.txt
> else
> echo "This account is currently not available."
> fi
> exit 0
> EOF
> $ chmod +x /sbin/nologin
I would advice against giving any clues about account status, for security
reasons.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 14.10.2011, <14:03>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-14 10:05 ` Andrey Repin
@ 2011-10-14 11:56 ` Corinna Vinschen
2011-10-15 8:25 ` gwodus
2011-10-17 14:20 ` Andrey Repin
0 siblings, 2 replies; 9+ messages in thread
From: Corinna Vinschen @ 2011-10-14 11:56 UTC (permalink / raw)
To: cygwin
On Oct 14 14:04, Andrey Repin wrote:
> Greetings, Corinna Vinschen!
>
> > Or what about creating your own /sbin/nologin, something like this:
>
> > $ cat > /sbin/nologin <<EOF
> > #!/bin/sh
> > if [ -f /etc/nologin.txt ]
> > then
> > cat /etc/nologin.txt
> > else
> > echo "This account is currently not available."
> > fi
> > exit 0
> > EOF
> > $ chmod +x /sbin/nologin
>
> I would advice against giving any clues about account status, for security
> reasons.
It's what Linux' /sbin/nologin' prints, too. Actually it's the whole
idea of /sbin/nologin' per the man page:
$ man nologin
NOLOGIN(8) BSD System Manager's Manual NOLOGIN(8)
NAME
nologin â politely refuse a login
[...]
Just `exit 0' should be replaced with `exit 1' since
[...]
nologin displays a message that an account is not available and exits
non-zero.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-14 11:56 ` Corinna Vinschen
@ 2011-10-15 8:25 ` gwodus
2011-10-15 8:53 ` Corinna Vinschen
2011-10-17 14:20 ` Andrey Repin
1 sibling, 1 reply; 9+ messages in thread
From: gwodus @ 2011-10-15 8:25 UTC (permalink / raw)
To: cygwin
Corinna Vinschen-2 wrote:
>
> On Oct 14 14:04, Andrey Repin wrote:
>> ...
>> I would advice against giving any clues about account status, for
>> security
>> reasons.
>
> It's what Linux' /sbin/nologin' prints, too. Actually it's the whole
> idea of /sbin/nologin' per the man page:
>
> $ man nologin
> NOLOGIN(8) BSD System Manager's Manual
> NOLOGIN(8)
>
> NAME
> nologin — politely refuse a login
> [...]
>
> Just `exit 0' should be replaced with `exit 1' since
>
> [...]
> nologin displays a message that an account is not available and exits
> non-zero.
>
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader cygwin AT cygwin DOT com
> Red Hat
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
Nice script! Would be cool if it would be part of cygwin. Btw. was the
/etc/nologin.txt your addition? I think the original nologin doesn't even do
that. At least not on Debian, where I just checked.
Although in general I agree with Andrey. I forgot all about /bin/false. So I
am using that now. In fact I checked on my Linux box. I see that most
"no-shell" users have /bin/false in /etc/passwd (like ftp or mysql). But
others have nologin (e.g. user sshd on my machine).
Thanks,
gwodus.
--
View this message in context: http://old.nabble.com/Where-is--bin-nologin-tp32647652p32657023.html
Sent from the Cygwin list mailing list archive at Nabble.com.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Where is /bin/nologin
2011-10-14 11:56 ` Corinna Vinschen
2011-10-15 8:25 ` gwodus
@ 2011-10-17 14:20 ` Andrey Repin
1 sibling, 0 replies; 9+ messages in thread
From: Andrey Repin @ 2011-10-17 14:20 UTC (permalink / raw)
To: Corinna Vinschen
Greetings, Corinna Vinschen!
>> I would advice against giving any clues about account status, for security
>> reasons.
> It's what Linux' /sbin/nologin' prints, too. Actually it's the whole
> idea of /sbin/nologin' per the man page:
Right you are. However, I haven't seen /bin/nologin used on any Linux box I've
come across in all my Linux experience. :)
It was /bin/false for accounts you don't want to be logged in locally.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 17.10.2011, <17:58>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2011-10-17 14:20 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-10-13 18:37 Where is /bin/nologin gwodus
2011-10-13 21:20 ` David Sastre
2011-10-13 22:45 ` gwodus
2011-10-14 8:33 ` Corinna Vinschen
2011-10-14 10:05 ` Andrey Repin
2011-10-14 11:56 ` Corinna Vinschen
2011-10-15 8:25 ` gwodus
2011-10-15 8:53 ` Corinna Vinschen
2011-10-17 14:20 ` Andrey Repin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).