[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SHELL=/bin/false but user can still log in

/ 2003-10-29 07:22:53 -0000
\ Hollweg, Daniel:
> Hi List,
> I have an problem with my SuSe 8.2 installation with all current
> security patches applied.  If I enter /bin/false as login shell
> in the /etc/passwd the user can still login and gets shell
> access. After rebooting the system the shell entry in the
> /etc/passwd is processed correct and  a login attempt is closed
> as you would expect. Other entries like home dir in the passwd
> are parsed correct.

just a thought: "rcnscd restart"

 Nscd provides cacheing for  the  passwd(5),  group(5)  and
      hosts(5)  databases through standard libc interfaces, such
      as  getpwnam(3),  getpwuid(3),  getgrnam(3),  getgrgid(3),
      gethostbyname(3) and others. Each cache has a separate TTL
      (time-to-live) for its data; modifying the local  database
      ( /etc/passwd, and so forth) causes that the cache becomes
      invalidated within fifteen seconds.

	ah. maybe this ttl was not 15s but longer on your box?

      Note that  the  shadow file is specifically not cached.
      getspnam(3) calls remain uncached as a result.

only if nscd is used by login and companions, which I assume,
but did not verify.

	Lars Ellenberg

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here