[PATCH] nologin: new applet.

Natanael Copa natanael.copa at gmail.com
Sun Nov 6 15:56:43 UTC 2011


On Fri, Nov 4, 2011 at 6:00 PM, Harald Becker <ralda at gmx.de> wrote:
>  Hi!
>
>> +int nologin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
>> +int nologin_main(int argc UNUSED_PARAM, char **argv)
>> +{
>> +     int fd;
>> +     fd = open("/etc/nologin.txt", O_RDONLY);
>> +     if (bb_copyfd_eof(fd, STDOUT_FILENO) == -1)
>> +             bb_error_msg_and_die("This account is not available");
>> +     if (ENABLE_FEATURE_CLEAN_UP)
>> +             close(fd);
>> +     return 1;
>> +}
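
Review bot: the result of open() is never checked at `fd = open("/etc/nologin.txt", O_RDONLY);`, so when the file is absent fd is -1 and goes straight into bb_copyfd_eof(), and the fallback message only appears because that copy is expected to fail. Test `fd < 0` explicitly and print "This account is not available" in that branch; this keeps a missing file distinct from a read error on an existing file and means close(fd) is only ever reached with a valid descriptor by construction rather than by side effect.
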
>
> Consider doing a sleep (2 or 3 seconds) after message output before
> dying. If nologin is run via a standard init/getty/login sequence, the
> screen is most likely cleared shortly after exit of nologin hence humans
> do not have a chance to read the message without a delay. In addition
> the delay allows to slow down login attacks (paranoia).

I think this tool is intended for passwordless accounts (daemons etc)
and in this case a delay is meaningless.

> ... and /etc/nologin.txt is no good idea, it is so close to /etc/nologin
> which is something completely different. Do we need it?

No, I don't think we need it. I just used the OpenBSD implementation.
Looks like the FreeBSD implementation (the one found in shadow
package) only logs it and exits.

> Can we have something different?

I'd prefer dropping support for /etc/nologin.txt than have something
else non-standard.

-- 
Natanael Copa

