Whats the deal with nologin being a shell script

Eli Schwartz eschwartz at archlinux.org
Fri Jun 26 01:44:56 UTC 2020


On 6/25/20 6:33 PM, Norbert Lange wrote:
> Am Fr., 26. Juni 2020 um 00:25 Uhr schrieb Eli Schwartz
> <eschwartz at archlinux.org>:
>>
>> On 6/25/20 6:13 PM, Norbert Lange wrote:
>>> Hello,
>>>
>>> Seeing that this is pretty much the only embedded-script applet
>>> (pulling in that feature and requiring a few other applets), with the
>>> recent commits getting it to work in single-app mode, I am curious to
>>> why?
>>>
>>> Seems to go against busybox usual minimalism.
>>
>> It's a demo, intended to demonstrate how the system works rather than be
>> genuinely useful.
> 
> /sbin/nologin is usually the default shell for system-users, so I
> would not call that useless.

The nologin command can be useful and I haven't denied this, but the
busybox implementation wasn't intended to be a polished version, i.e. it
wasn't intended to be genuinely useful. It existed since 2011 as
basically documentation ("here are several shell script implementations
of various programs, which you may feel free to personally copy to $PATH
and run using the busybox shell"), then at the end of 2018 busybox grew
an "embedded scripts" feature and it was moved there.
https://git.busybox.net/busybox/commit/?id=4f2ef4a836be37b25808c94f41c7c85895db6f93

"""
When scripts are embedded in the binary, scripts can be run as
'busybox SCRIPT [ARGS]' or by usual (sym)link mechanism.

embed/nologin is provided as an example.
"""

It is, in short, an example. A demo.

>> Just don't enabe it, I guess. ;)
> 
> Maybe I would like to have it, but don't have a need for the busybox shell.

If you do not have any other nologin shell, and you would like to use
one powered in some manner by busybox, then you could probably use the
"false" applet, with the caveat that it doesn't print a cute message
"This account is currently not available."

The /bin/false busybox applet would retain the functionality of
immediately exiting without doing anything, and yielding a non-zero
error status.

The other option would be, I guess, to implement one properly in C, and
submit a patch for inclusion.

However, there's little use protesting that busybox never had a nologin
applet, but currently includes one written as a shell script purely for
the sake of documenting the embedded scripts feature. As far as you're
concerned, busybox effectively does not have any sort of nologin applet,
and therefore there is no difference between nologin, which busybox does
not implement, and any other command, which busybox does not implement.

Feel free to persuasively argue in favor of busybox being a better piece
of software if it includes a convenient nologin applet. I'm afraid I
personally am not convinced by any argument claiming it already does
have one.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20200625/467e4798/attachment.asc>


More information about the busybox mailing list