Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 276385 - sys-apps/baselayout-2.0.1 postinst error regarding nonexistent shells is wrong
Summary: sys-apps/baselayout-2.0.1 postinst error regarding nonexistent shells is wrong
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-03 17:11 UTC by michael higgins
Modified: 2009-07-06 22:41 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description michael higgins 2009-07-03 17:11:57 UTC 
ebuild log for sys-apps/baselayout-2.0.1 on evolone.org


WARN: postinst
The following users have non-existent shells!
apache - /usr/sbin/nologin
cron - /usr/sbin/nologin
ldap - /usr/sbin/nologin
postfix - /usr/sbin/nologin
sshd - /usr/sbin/nologin


Reproducible: Didn't try

Actual Results:  
Reports incorrect information.

Expected Results:  
Reports correct information, or nothing since it isn't an error, even if correctly reported.

Also, another offered this opinion:

The ebuild should have checked that

a) the account does not have a shell and
b) the account uid falls in the range of system accounts as per login.defs and
c) therefore issued no postinst
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2009-07-04 22:32:35 UTC 
Nope. Valid in this case is explicitly non-existant shells in the shell field. Even system users should have a valid shell. In this case /sbin/nologin (no /usr).
Otherwise the pam_shells or other checks may fail.
Comment 2 SpanKY gentoo-dev 2009-07-05 04:14:00 UTC 
fix your /etc/passwd then
Comment 3 michael higgins 2009-07-06 17:57:53 UTC 
(In reply to comment #2)
> fix your /etc/passwd then
> 

Like is mentioned here? http://bugs.gentoo.org/215698

I'd also note that the message, "The following users have non-existent shells" is just about as useful as no message at all... did I assign them shells?

You should blame something (sys-apps/shadow) and as well suggest a fix in the message if it's such a trivial thing. This is why I asked about it on the mailing list and submitted a bug at the suggestion of another there. And sure enough, there's already a similar bug... against the offending package, with a fix. (And the suggestion not to annoy the users with it, IOW to fix it at the ebuild level, but no matter that, I suppose.)

I think the elog messages should be informative, not cryptic and terse. (This isn't Windows, after all.) Perhaps the same principle should apply to replies from developers to users who are trying to help you make a better (read, more useful or user-friendly) product.

Also, shouldn't this be resolved as a duplicate of http://bugs.gentoo.org/215698 -- since the problem seems to have originated there -- rather than as invalid?
Comment 4 SpanKY gentoo-dev 2009-07-06 22:41:17 UTC 
the changes will not be automated:
 - we do not go modifying critical files on the fly, to easy to screw things up
 - people run tripwire and such to watch critical changes
 - people run cfgengine and such to push out critical files
 - people do not store files in /etc/passwd but use ldap/etc... for auth
 - people could have set the shell to something else on purpose but that location is now gone or it was a typo
 - people could create their own /usr/sbin/nologin to use rather than /sbin/nologin

and for the same reason, we cant interpret the meaning of the missing shells