Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!gatech!hao!ames!amdcad!sun!gorodish!guy
From: guy%gorodish@Sun.COM (Guy Harris)
Newsgroups: comp.unix.questions
Subject: Re: Why does vipw *require* /bin/csh ?
Message-ID: <25226@sun.uucp>
Date: Mon, 10-Aug-87 15:30:34 EDT
Article-I.D.: sun.25226
Posted: Mon Aug 10 15:30:34 1987
Date-Received: Tue, 11-Aug-87 06:07:32 EDT
References: <2647@lifia.UUCP>
Sender: news@sun.uucp
Lines: 24
Keywords: vipw

> When you call vipw ... it also verifies that your shell  is bin/csh or
> /bin/sh, which  forbids  you to use another shell when su'ed.
> 
> Is there a good reason for this ?

Some have argued that there is a good reason for providing *some* form of
checking on the login shell.  The 4.2BSD version of "chsh" only allowed a user
to change their login shell to "/bin/sh" or "/bin/csh", although the super-user
could change it arbitrarily.  The claim was that this prevented somebody from
walking up to your terminal while you were on the toilet and changing your
login shell to something funny, or something like that.

4.3BSD does it a bit better; if the file "/etc/shells" exists, you can change
your login shell to anything listed in that file.

"vipw" really should use "/etc/shells" to validate the shell, rather than
having "/bin/sh" and "/bin/csh" hardcoded into it.  It looks like Arnold
Robbins posted a fix at some point to make it do exactly that.  Basically, it
should use "getusershell" to scan the list of valid shells; this routine
handles defaulting to "/bin/sh" and "/bin/csh" if there is no "/etc/shells"
file.
	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	guy@sun.com