It's not a limitation of gentoo's shadow package, it's a matter of using the
right tool for the job. su is for switching between active users, use sudo for
executing programs /as/ different users.

Try merging sudo then using sudo -u username "start application".

-Sri
--
sri.gupta@×××××××××××.ca
McGill University
Montréal, PQ, Canada

Quoting Miguel Sousa Filipe <miguel@×××××××××××.pt>:

> Hello all,
>
> The su program in gentoo, that comes with sys-apps/shadow is in my view
> very limited.
>
> In a Suse system, I had several system users with /bin/false as a
> shell, since all they did was use the email, and ftp for site updates.
> Now that this installation was migrated to gentoo, I am unable to do
> things like: su username -c "start application", simply because this
> version of su passes it as an argument to the login shell.
> And there is no way to override the defined shell.
>
> Basically, and in short words, this sucks!
> I had users that were used to execute tomcat, or a sybase database, and
> now they are obliged to have a shell. There is no need for those users
> to have a shell.
>
> More problematic it is with users with mail accounts, that only use the
> system for mail, but there is sometimes the need to su username -c
> /bin/bash to do or to check certain things.
> The reason their shell was /bin/false is because these users are simple
> office workers who might leave their password on a post-it or in a
> drawer. It is a good idea to limit their shell access to the
> email/web/database server.
> (there isn't the need for a big security or containment policy enforcing)
>
>
> The Suse version of su comes with:
> # rpm -qf /bin/su
> sh-utils-2.0-106
> and supports the -s argument for passing a valid shell. (and the man
> page is very nice)
> Our (gentoo) su doesn't support the -s argument.
>
>
> Is there a way that we have a more flexible, or less limited 'su' by
> default?
>
> Congrats to the gentoo developers, gentoo is "emerging" in the
> enterprise world..
>
> --
>
> Miguel Figueiredo Mascarenhas de Sousa Filipe
> email: miguel@×××××××××××.pt (PORTUGAL)
> http://mega.ist.utl.pt/~miguel
>
> Equipa de Administração de Sistemas
> Rede das Novas Licenciaturas (RNL)
> Instituto Superior Técnico
> http://www.rnl.ist.utl.pt
> http://mega.ist.utl.pt
>
>
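
An added example, not part of either message: a sudoers fragment for the `sudo -u username` approach suggested in the reply, scoped so the tomcat and sybase accounts can keep /bin/false as their shell. The group name `svcadmin`, the file name and the script paths under /opt are assumptions made for illustration.

```sudoers
# /etc/sudoers.d/service-accounts   (constructed example)
# Assumes the main sudoers file includes /etc/sudoers.d.
# Edit with:  visudo -f /etc/sudoers.d/service-accounts
# Check with: visudo -cf /etc/sudoers.d/service-accounts
#
# Assumed names: operator group "svcadmin"; service users "tomcat" and
# "sybase" whose shell in /etc/passwd stays /bin/false; hypothetical
# start/stop scripts under /opt.

# Too broad: members could run anything as anyone, which includes an
# interactive shell as a service user.
# %svcadmin ALL=(ALL) ALL

# Scoped: only the listed scripts, and only as the matching service user.
Cmnd_Alias TOMCAT_CTL = /opt/tomcat/bin/startup.sh, /opt/tomcat/bin/shutdown.sh
Cmnd_Alias SYBASE_CTL = /opt/sybase/bin/startserver

%svcadmin ALL=(tomcat) TOMCAT_CTL
%svcadmin ALL=(sybase) SYBASE_CTL

# Invocation by a member of svcadmin (command and arguments are separate
# words, not one quoted string):
#   sudo -u tomcat /opt/tomcat/bin/startup.sh
#
# sudo executes the command itself instead of handing it to the target
# user's login shell, so the /bin/false entry is never run. The -i option
# is the one that would start the target user's login shell, so it is not
# used here.
```

Running `sudo -l` as a member of the group lists exactly the commands and run-as users granted above, which is a quick way to confirm the scope after the file is installed.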