Hello all,

The su program in Gentoo, that comes with sys-apps/shadow, is in my view
very limited.

In a SUSE system, I had several system users with /bin/false as a
shell, since all they did was use the email, and ftp for site updates.
Now that this installation was migrated to Gentoo, I am unable to do
things like: su username -c "start application", simply because this
version of su passes it as an argument to the login shell.
And there is no way to override the defined shell.

Basically, and in short words, this sucks!
I had users that were used to execute Tomcat, or a Sybase database, and
now they are obliged to have a shell. There is no need for those users
to have a shell.

It is more problematic with users with mail accounts, that only use the
system for mail, but there is sometimes the need to su username -c
/bin/bash to do or to check certain things.
The reason their shell was /bin/false is because these users are simple
office workers who might leave their password on a Post-it or in a
drawer. It is a good idea to limit their shell access to the
email/web/database server.
(there isn't a need to enforce a big security or containment policy)

The SUSE version of su comes with:
# rpm -qf /bin/su
sh-utils-2.0-106
and supports the -s argument for passing a valid shell. (and the man
page is very nice)
Our (Gentoo) su doesn't support the -s argument.

Is there a way for us to have a more flexible, or less limited, 'su' by
default?

Congrats to the Gentoo developers, Gentoo is "emerging" in the
enterprise world..

--

Miguel Figueiredo Mascarenhas de Sousa Filipe
email: miguel@×××××××××××.pt (PORTUGAL)
http://mega.ist.utl.pt/~miguel

Systems Administration Team
Rede das Novas Licenciaturas (RNL)
Instituto Superior Técnico
http://www.rnl.ist.utl.pt
http://mega.ist.utl.pt