| 1 |
Hello all, |
| 2 |
|
| 3 |
The su program in gentoo, that comes with sys-apps/shadow is in my view |
| 4 |
very limited. |
| 5 |
|
| 6 |
In a Suse system, I had several system users with /bin/false has a |
| 7 |
shell, since all they did was use the email, and ftp for site updates. |
| 8 |
Now that this instalation was migrated to gentoo, I am unable to do |
| 9 |
things like: su username -c "start aplication", simply because this |
| 10 |
version of su passes it has an argument to the login shell. |
| 11 |
And there is no way to override the defined shell. |
| 12 |
|
| 13 |
Basically, and in short words, this sucks! |
| 14 |
I had users that were used to execute tomcat, or a sybase database, and |
| 15 |
now they are obliged to have a shell. There is no need for those users |
| 16 |
to have a shell. |
| 17 |
|
| 18 |
More problematic it is with users with mail acounts, that only use the |
| 19 |
system for mail, but there is sometimes the need to su username -c |
| 20 |
/bin/bash to do or to check certain things. |
| 21 |
The reason their shell was /bin/false is because these users are simple |
| 22 |
office workers who might leave their password in a postit or in a |
| 23 |
drawer. It is a good idea to limit their shell access to the |
| 24 |
email/web/database server. |
| 25 |
(there isn't the need for a big security or containment policy enforcing) |
| 26 |
|
| 27 |
|
| 28 |
The Suse version of su comes with: |
| 29 |
# rpm -qf /bin/su |
| 30 |
sh-utils-2.0-106 |
| 31 |
and supports the -s argument for passing a valid shell. (and the man |
| 32 |
page is very nice) |
| 33 |
Our (gentoo) su, doesn't support the -s argument. |
| 34 |
|
| 35 |
|
| 36 |
Is there a way that we have a more flexible, or less limited 'su' by |
| 37 |
default? |
| 38 |
|
| 39 |
Congrats to the gentoo developers, gentoo is "emerging" in the |
| 40 |
enterprise world.. |
| 41 |
|
| 42 |
-- |
| 43 |
|
| 44 |
Miguel Figueiredo Mascarenhas de Sousa Filipe |
| 45 |
email: miguel@×××××××××××.pt (PORTUGAL) |
| 46 |
http://mega.ist.utl.pt/~miguel |
| 47 |
|
| 48 |
Equipa de Administração de Sistemas |
| 49 |
Rede das Novas Licenciaturas (RNL) |
| 50 |
Instituto Superior Técnico |
| 51 |
http://www.rnl.ist.utl.pt |
| 52 |
http://mega.ist.utl.pt |
Archives