On Wed, 2004-10-13 at 14:33, Scott Garman wrote: > The man page for su shows an option for changing the default shell that > is run, "-s". I assume the risk here would be if one of these users were > to run "su <shutdownacct> -s /bin/bash" and use the shutdown account's > password to obtain an unrestricted root shell. I've never tried this so > I'm not sure if that would work.
This is exactly the kind of thing I was concerned about. Surprisingly, I tried it on a local test system here, and doing a: # su -s /bin/bash shutdown [ask for password] from a normal user, still caused the system to power down. How was that accomplished? Anybody? -- "... one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs." -- Robert Firth Cole Tuininga Lead Developer Code Energy, Inc [EMAIL PROTECTED] PGP Key ID: 0x43E5755D _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss