1 |
Hello |
2 |
|
3 |
perhaps setting the shell to '/bin/true' |
4 |
might help you .... |
5 |
|
6 |
AFAIK that means that the just can NOT login interaktive, |
7 |
but can use the other services . |
8 |
|
9 |
If you got su / sudo working with gentoo ( the thing with |
10 |
the group 'wheel' ) you / the user should be able to do 'su <<username>>' |
11 |
|
12 |
NOTE : |
13 |
I think 'su - <<username>>' should not work with shell '/bin/true' |
14 |
because it tries to restart the shell |
15 |
|
16 |
|
17 |
Martin |
18 |
|
19 |
--- |
20 |
|
21 |
Miguel Sousa Filipe wrote: |
22 |
> Hello all, |
23 |
> |
24 |
> The su program in gentoo, that comes with sys-apps/shadow is in my view |
25 |
> very limited. |
26 |
> |
27 |
> In a Suse system, I had several system users with /bin/false has a |
28 |
> shell, since all they did was use the email, and ftp for site updates. |
29 |
> Now that this instalation was migrated to gentoo, I am unable to do |
30 |
> things like: su username -c "start aplication", simply because this |
31 |
> version of su passes it has an argument to the login shell. |
32 |
> And there is no way to override the defined shell. |
33 |
> |
34 |
> Basically, and in short words, this sucks! |
35 |
> I had users that were used to execute tomcat, or a sybase database, and |
36 |
> now they are obliged to have a shell. There is no need for those users |
37 |
> to have a shell. |
38 |
> |
39 |
> More problematic it is with users with mail acounts, that only use the |
40 |
> system for mail, but there is sometimes the need to su username -c |
41 |
> /bin/bash to do or to check certain things. |
42 |
> The reason their shell was /bin/false is because these users are simple |
43 |
> office workers who might leave their password in a postit or in a |
44 |
> drawer. It is a good idea to limit their shell access to the |
45 |
> email/web/database server. |
46 |
> (there isn't the need for a big security or containment policy enforcing) |
47 |
> |
48 |
> |
49 |
> The Suse version of su comes with: |
50 |
> # rpm -qf /bin/su |
51 |
> sh-utils-2.0-106 |
52 |
> and supports the -s argument for passing a valid shell. (and the man |
53 |
> page is very nice) |
54 |
> Our (gentoo) su, doesn't support the -s argument. |
55 |
> |
56 |
> |
57 |
> Is there a way that we have a more flexible, or less limited 'su' by |
58 |
> default? |
59 |
> |
60 |
> Congrats to the gentoo developers, gentoo is "emerging" in the |
61 |
> enterprise world.. |
62 |
> |