/etc/nologin must be world-readable which is not totally clear

Dmitry V. Levin ldv at altlinux.org
Tue Jan 12 12:29:05 EST 2010


On Tue, Jan 12, 2010 at 12:24:20PM +1100, Darren Tucker wrote:
> On Mon, Jan 11, 2010 at 12:46:05PM +0100, Jan Pechanec wrote:
> > 	hi, the man page for sshd(1) says about /etc/nologin: "The file 
> > should be world-readable". However, nologin has no effect if it's not 
> > readable by the connecting user:
> 
> I agree that the existence of an unreadable /etc/nologin should prevent
> logins since it's pretty clear that's the admin's intent, so it's a bug
> in the code not the docs.
> 
> The simple solution is to check errno for EPERM.  I'm about to apply the
> following patch which should cover it.

Please check for EACCES, too.


-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100112/0c005299/attachment.bin>


More information about the openssh-unix-dev mailing list