[Bug 216813] Re: Lighttpd enables a login shell for user www-data
Launchpad Bug Tracker
216813 at bugs.launchpad.net
Wed Jan 8 00:08:28 UTC 2014
This bug was fixed in the package base-passwd - 3.5.30
---------------
base-passwd (3.5.30) unstable; urgency=medium
[ Colin Watson ]
* Remove config.h.in and configure, now autogenerated by dh-autoreconf.
* Change the shell of all global static users other than root (which
retains /bin/sh) and sync (as /bin/sync is rather harmless) to
/usr/sbin/nologin (closes: #274229; LP: #216813, #248844).
* Policy version 3.9.5.
[ Russ Allbery ]
* Add support for debconf prompting to update-passwd (closes: #184979).
-- Colin Watson <cjwatson at debian.org> Tue, 07 Jan 2014 15:41:06 +0000
** Changed in: base-passwd (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-passwd in Ubuntu.
https://bugs.launchpad.net/bugs/216813
Title:
Lighttpd enables a login shell for user www-data
Status in “base-passwd” package in Ubuntu:
Fix Released
Status in “lighttpd” package in Ubuntu:
Invalid
Bug description:
Binary package hint: lighttpd
I'm using Ubuntu 7.10/amd64, this report regards lighttpd 1.4.18-1ubuntu1.3.
The package creates the user www-data, which lighttpd is run as.
However, the www-data user, by default, has the login shell /bin/sh.
I can see no reason why this user has a valid login shell, instead of /bin/false.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/216813/+subscriptions
More information about the foundations-bugs
mailing list