-s sh of check_access command
I think "-s sh" is necessary (it should be -s /bin/sh) because the login shell of some users (e.g. daemon program and/or system users) can be /usr/sbin/nologin and/or /bin/false etc. If these login shells are used, the test will always fail.
Any comments are appreciated.