Whats the deal with nologin being a shell script

Norbert Lange nolange79 at gmail.com
Fri Jun 26 07:26:44 UTC 2020


Am Fr., 26. Juni 2020 um 03:45 Uhr schrieb Eli Schwartz
<eschwartz at archlinux.org>:
>
> On 6/25/20 6:33 PM, Norbert Lange wrote:
> > Am Fr., 26. Juni 2020 um 00:25 Uhr schrieb Eli Schwartz
> > <eschwartz at archlinux.org>:
> >>
> >> On 6/25/20 6:13 PM, Norbert Lange wrote:
> >>> Hello,
> >>>
> >>> Seeing that this is pretty much the only embedded-script applet
> >>> (pulling in that feature and requiring a few other applets), with the
> >>> recent commits getting it to work in single-app mode, I am curious to
> >>> why?
> >>>
> >>> Seems to go against busybox usual minimalism.
> >>
> >> It's a demo, intended to demonstrate how the system works rather than be
> >> genuinely useful.
> >
> > /sbin/nologin is usually the default shell for system-users, so I
> > would not call that useless.
>
> The nologin command can be useful and I haven't denied this, but the
> busybox implementation wasn't intended to be a polished version, i.e. it
> wasn't intended to be genuinely useful. It existed since 2011 as
> basically documentation ("here are several shell script implementations
> of various programs, which you may feel free to personally copy to $PATH
> and run using the busybox shell"), then at the end of 2018 busybox grew
> an "embedded scripts" feature and it was moved there.
> https://git.busybox.net/busybox/commit/?id=4f2ef4a836be37b25808c94f41c7c85895db6f93
>
> """
> When scripts are embedded in the binary, scripts can be run as
> 'busybox SCRIPT [ARGS]' or by usual (sym)link mechanism.
>
> embed/nologin is provided as an example.
> """
>
> It is, in short, an example. A demo.
>
> >> Just don't enabe it, I guess. ;)
> >
> > Maybe I would like to have it, but don't have a need for the busybox shell.
>
> If you do not have any other nologin shell, and you would like to use
> one powered in some manner by busybox, then you could probably use the
> "false" applet, with the caveat that it doesn't print a cute message
> "This account is currently not available."

Sure, having a dropin-replacement for coreutils is nice still.
(symlinking to /bin/false wont work, if that's itself a symlink to busybox)

>
> The /bin/false busybox applet would retain the functionality of
> immediately exiting without doing anything, and yielding a non-zero
> error status.
>
> The other option would be, I guess, to implement one properly in C, and
> submit a patch for inclusion.
>
> However, there's little use protesting that busybox never had a nologin
> applet, but currently includes one written as a shell script purely for
> the sake of documenting the embedded scripts feature. As far as you're
> concerned, busybox effectively does not have any sort of nologin applet,
> and therefore there is no difference between nologin, which busybox does
> not implement, and any other command, which busybox does not implement.

I am not "protesting", but worst case would be I spend some time implementing
said applet but for some reason it is not welcome to replace the "demo" applet.
It possibly a roadblock of someone providing a C replacement.

> Feel free to persuasively argue in favor of busybox being a better piece
> of software if it includes a convenient nologin applet.

Yeah, that's my opinion.

> I'm afraid I
> personally am not convinced by any argument claiming it already does
> have one.

I don't get that, you are not convinced because the "demo" is already
sufficient,
or you are not convinced for arguments *preventing* a C nologin applet
(because it already has a shell one)?

Norbert


More information about the busybox mailing list