7496b07
@@ -1,2 +1,2 @@
#Type Name ID GECOS Home directory Shell
- u sshd 74 "Privilege-separated SSH" /usr/share/empty.sshd -
+ u sshd 74 "Privilege-separated SSH" /usr/share/empty.sshd /sbin/nologin
https://gitlab.com/redhat/centos-stream/rpms/openssh/-/merge_requests/52#note_1456158500
Build succeeded. https://fedora.softwarefactory-project.io/zuul/buildset/8988dcbca67a406ba524dbb33ff85522
I'm not a fan. If we start doing that, then we'll have to update all our sysusers config files to match. I think this should be discussed at the packaging committee level: https://pagure.io/packaging-committee
FWIW, the package guidelines already use /sbin/nologin in the sysusers example.
/sbin/nologin
https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
Of course being in the example is not the same thing as a SHOULD/MUST requirement to use that shell. If guidance on that is desired, please file a Packaging Committee issue (or even better, a PR to the guidelines with the desired wording) and we'll discuss it at a future meeting.
https://gitlab.com/redhat/centos-stream/rpms/openssh/-/merge_requests/52#note_1456158500