Giorgos Keramidas wrote:
On 2007-11-09 16:34, Alex Zbyslaw <[EMAIL PROTECTED]> wrote:
[ discussing `su -m' option ]
Also the only way I know on FreeBSD to interactively become a user
with no real shell (true, nologin etc).
It should be possible to type:
su username
i.e. here's an ftp session on my laptop:
[EMAIL PROTECTED]:/root# fgrep ftp: /etc/passwd
ftp:*:1003:1003:& user:/home/ftp:/usr/sbin/nologin
[EMAIL PROTECTED]:/root# su ftp
[EMAIL PROTECTED]:/root$ id
uid=1003(ftp) gid=1003 groups=1003
[EMAIL PROTECTED]:/root$
Good idea, though :)
Must be new, because in 5.4 I get:
100 {root @ cartman} # fgrep ftp: /etc/passwd
ftp:*:6000:6000:Anon FTP:/home/ftp:/usr/sbin/nologin
101 {root @ cartman} # su ftp
This account is currently not available.
102 {root @ cartman} # id
uid=0(root) gid=0(wheel) groups=0(wheel)
103 {root @ cartman} # su -m ftp
([EMAIL PROTECTED])1% id
uid=6000(ftp) gid=6000(ftp) groups=6000(ftp)
([EMAIL PROTECTED])2% exit
104 {root @ cartman} # /usr/sbin/nologin
This account is currently not available.
105 {root @ cartman} # alias su
106 {root @ cartman} # which su
/usr/bin/su
I find the behaviour you get definitely undesirable. There are
occasionally accounts have special purpose shells which do work in some
restricted fashion which you *might* want to use (in which case you can
su) or which you might not (so you su -m). I don't know off hand of any
PD examples, but I maintain some proprietary software which has an
account which uses a "shell" which understands various keywords and
commands, which restricts what you can do over ssh, for example. But
for maintenance you sometimes just want to be that user with a regular
shell. I can't see how to achieve that given the behaviour you seem to
get with su.
I seem to recall mharc being a bit like this - certainly needed the
Linux equivalent "su -s /bin/csh" when doing stuff with it.
There's no indication in the online man pages that su should behave the
way you've shown it, unless I'm missing something (a distinct
possibility :-)). Even the page from FreeBSD-7 says "The invoked shell
is the one belonging to the target login." Your /usr/sbin/nologin isn't
a real shell, is it? Or you have some alias for su? Who knows, maybe
it's because I run csh - there does seem to be special case code for it
in su.c but I can't see how it would have this effect!
Confused.
--Alex
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
