.\" $Id: msh.man,v 1.11 2012/08/17 14:29:30 ksb Exp $
.\" by Kevin Braunsdorf
.\" $Compile: Display%h
.\" $Display: ${groff-groff} -Tascii -tbl -man %f | ${PAGER:-less}
.\" $Install: %b -mDeinstall %o %f && cp %f $DESTDIR/usr/local/man/man8/msh.8
.\" $Deinstall: ${rm-rm} -f $DESTDIR/usr/local/man/[cm]a[nt]8/msh.8*
.TH MSH 8 LOCAL
.SH NAME
msh - the message shell, explain why a login is frozen
.SH SYNOPSIS
.ds PN "msh
\fI\*(PN\fP [\fIdefault\fP]
.br
\fI\*(PN\fP \fB\-h\fP
.br
\fI\*(PN\fP \fB\-V\fP

.SH DESCRIPTION
.PP
When a login is going to be removed from the system (or moved to
another system) the message shell presents notification to anyone
accessing the system from the defunct account.
This is acomplished by setting the shell of the account to
the path to \fI\*(PN\fP.
.PP
The message is recovered from a spool directory (/var/spool/msh)
by the login name, the primary login group name, the \fIdefault\fP
parameter, or the basename of message shell program path, which ever
is first and available via \fBopen\fP(2).
.PP
If no message can be located, an internal message directing the customer to
the system administrator is displayed.

.SH OPTIONS
Since the message shell is usually run from \fBlogin\fP no command
line switches may be presented.
.TP
\fB\-h\fP
Print a brief help message.
.TP
\fB\-V\fP
Show version information.
.SH EXAMPLES
Build a file \*(lqtoor\*(rq in the default message spool directory,
make a login \*(lqtoor\*(rq in /etc/passwd with
\fB/usr/local/libexec/msh\fP as its login shell
and login.

.SH BUGS
Uses \fBcat\fP to present the message to the user.  A shell-safe
pager would be a better option.
.P
The three second sleep is handy for xterm as well as ISN users.

.SH NOTES
Do \fBnot\fP put this shell in \fI/etc/shells\fP, as that allows
access to the account via FTP.  See also the \fInologin\fP program
under some BSD systems, which is polite but less informative.
.P
If you build a link to the program named \*(lqftpshell\*(rq, that link
may be placed in /etc/shells to allow FTP-only access to a host,
thus replacing \fBftpshell\fP(8l).
.P
Using file permissions to trick the \fBopen\fP(2) of the message to skip
one is not as clever as you might believe.  Most group messages should
be world readable, personal messages should direct the Customer to see
a person (never use the spool as a secure communications channel).


.SH AUTHOR
KS Braunsdorf
.br
shell @ ksb.npcguild.org.noSpam

.SH "SEE ALSO"
sh(1), login(8), cat(1), nologin(8l), ftpshell(8l)