| 1 |
It's not a limitation of gentoo's shadow package, its a matter of using the |
| 2 |
right tool for the job. su is for switching between active users, use sudo for |
| 3 |
executing programs /as/ different users. |
| 4 |
|
| 5 |
Try merging sudo then using sudo -u username "start application". |
| 6 |
|
| 7 |
-Sri |
| 8 |
-- |
| 9 |
sri.gupta@×××××××××××.ca |
| 10 |
McGill University |
| 11 |
Montréal, PQ, Canada |
| 12 |
|
| 13 |
Quoting Miguel Sousa Filipe <miguel@×××××××××××.pt>: |
| 14 |
|
| 15 |
> Hello all, |
| 16 |
> |
| 17 |
> The su program in gentoo, that comes with sys-apps/shadow is in my view |
| 18 |
> very limited. |
| 19 |
> |
| 20 |
> In a Suse system, I had several system users with /bin/false has a |
| 21 |
> shell, since all they did was use the email, and ftp for site updates. |
| 22 |
> Now that this instalation was migrated to gentoo, I am unable to do |
| 23 |
> things like: su username -c "start aplication", simply because this |
| 24 |
> version of su passes it has an argument to the login shell. |
| 25 |
> And there is no way to override the defined shell. |
| 26 |
> |
| 27 |
> Basically, and in short words, this sucks! |
| 28 |
> I had users that were used to execute tomcat, or a sybase database, and |
| 29 |
> now they are obliged to have a shell. There is no need for those users |
| 30 |
> to have a shell. |
| 31 |
> |
| 32 |
> More problematic it is with users with mail acounts, that only use the |
| 33 |
> system for mail, but there is sometimes the need to su username -c |
| 34 |
> /bin/bash to do or to check certain things. |
| 35 |
> The reason their shell was /bin/false is because these users are simple |
| 36 |
> office workers who might leave their password in a postit or in a |
| 37 |
> drawer. It is a good idea to limit their shell access to the |
| 38 |
> email/web/database server. |
| 39 |
> (there isn't the need for a big security or containment policy enforcing) |
| 40 |
> |
| 41 |
> |
| 42 |
> The Suse version of su comes with: |
| 43 |
> # rpm -qf /bin/su |
| 44 |
> sh-utils-2.0-106 |
| 45 |
> and supports the -s argument for passing a valid shell. (and the man |
| 46 |
> page is very nice) |
| 47 |
> Our (gentoo) su, doesn't support the -s argument. |
| 48 |
> |
| 49 |
> |
| 50 |
> Is there a way that we have a more flexible, or less limited 'su' by |
| 51 |
> default? |
| 52 |
> |
| 53 |
> Congrats to the gentoo developers, gentoo is "emerging" in the |
| 54 |
> enterprise world.. |
| 55 |
> |
| 56 |
> -- |
| 57 |
> |
| 58 |
> Miguel Figueiredo Mascarenhas de Sousa Filipe |
| 59 |
> email: miguel@×××××××××××.pt (PORTUGAL) |
| 60 |
> http://mega.ist.utl.pt/~miguel |
| 61 |
> |
| 62 |
> Equipa de Administração de Sistemas |
| 63 |
> Rede das Novas Licenciaturas (RNL) |
| 64 |
> Instituto Superior Técnico |
| 65 |
> http://www.rnl.ist.utl.pt |
| 66 |
> http://mega.ist.utl.pt |
| 67 |
> |
| 68 |
> |
Archives