| 1 |
Hello |
| 2 |
|
| 3 |
perhaps setting the shell to '/bin/true' |
| 4 |
might help you .... |
| 5 |
|
| 6 |
AFAIK that means that the just can NOT login interaktive, |
| 7 |
but can use the other services . |
| 8 |
|
| 9 |
If you got su / sudo working with gentoo ( the thing with |
| 10 |
the group 'wheel' ) you / the user should be able to do 'su <<username>>' |
| 11 |
|
| 12 |
NOTE : |
| 13 |
I think 'su - <<username>>' should not work with shell '/bin/true' |
| 14 |
because it tries to restart the shell |
| 15 |
|
| 16 |
|
| 17 |
Martin |
| 18 |
|
| 19 |
--- |
| 20 |
|
| 21 |
Miguel Sousa Filipe wrote: |
| 22 |
> Hello all, |
| 23 |
> |
| 24 |
> The su program in gentoo, that comes with sys-apps/shadow is in my view |
| 25 |
> very limited. |
| 26 |
> |
| 27 |
> In a Suse system, I had several system users with /bin/false has a |
| 28 |
> shell, since all they did was use the email, and ftp for site updates. |
| 29 |
> Now that this instalation was migrated to gentoo, I am unable to do |
| 30 |
> things like: su username -c "start aplication", simply because this |
| 31 |
> version of su passes it has an argument to the login shell. |
| 32 |
> And there is no way to override the defined shell. |
| 33 |
> |
| 34 |
> Basically, and in short words, this sucks! |
| 35 |
> I had users that were used to execute tomcat, or a sybase database, and |
| 36 |
> now they are obliged to have a shell. There is no need for those users |
| 37 |
> to have a shell. |
| 38 |
> |
| 39 |
> More problematic it is with users with mail acounts, that only use the |
| 40 |
> system for mail, but there is sometimes the need to su username -c |
| 41 |
> /bin/bash to do or to check certain things. |
| 42 |
> The reason their shell was /bin/false is because these users are simple |
| 43 |
> office workers who might leave their password in a postit or in a |
| 44 |
> drawer. It is a good idea to limit their shell access to the |
| 45 |
> email/web/database server. |
| 46 |
> (there isn't the need for a big security or containment policy enforcing) |
| 47 |
> |
| 48 |
> |
| 49 |
> The Suse version of su comes with: |
| 50 |
> # rpm -qf /bin/su |
| 51 |
> sh-utils-2.0-106 |
| 52 |
> and supports the -s argument for passing a valid shell. (and the man |
| 53 |
> page is very nice) |
| 54 |
> Our (gentoo) su, doesn't support the -s argument. |
| 55 |
> |
| 56 |
> |
| 57 |
> Is there a way that we have a more flexible, or less limited 'su' by |
| 58 |
> default? |
| 59 |
> |
| 60 |
> Congrats to the gentoo developers, gentoo is "emerging" in the |
| 61 |
> enterprise world.. |
| 62 |
> |
Archives