"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Stefan Sperling <stsp@stsp.name>
Subject:
Re: anonymous gotsh user's password entry and security(8)
To:
Alexander Arkhipov <aa@manpager.net>
Cc:
gameoftrees@openbsd.org
Date:
Wed, 14 Jun 2023 18:24:00 +0200

Download raw body.

Thread
On Wed, Jun 14, 2023 at 05:39:28PM +0300, Alexander Arkhipov wrote:
> Sorry if that's been asked before: I've read the gotd(8), gotsh(1) and
> got.conf(5) man pages, and searched through the list, but can't find the
> information.
> 
> I have anonymous gotd set up on an OpenBSD box. The password entry looks
> like this:
> 
> anon::1006:1006::0:0:Anon:/var/empty:/usr/local/bin/gotsh
> 
> However, I get daily messages to my mail like so:
> 
> > Running security(8):
> > 
> > Checking the /etc/master.passwd file:
> > Login anon has no password.
> 
> I have also read security(8), and the script /usr/libexec/security
> itself. It seems that an exception is only ever made for the user
> anoncvs running anoncvssh.
> 
> 		nag $pwd eq '' && !($name eq 'anoncvs' &&
> 				    $shell =~ /\/anoncvssh$/),
> 		    "Login $name has no password.";
> 
> So, is there something special I need to do to get rid of these
> messages? Do I just make an ad-hoc modification of the script and wait
> for better times?

For now, either ignore the message or tweak the script. I don't know if
a patch to security(8) to remove this message for gotsh(1) in a similar
way would be accepted. Probably not at this stage.