Dan Nicholson wrote: > On 3/25/07, Robert Connolly <[EMAIL PROTECTED]> wrote: >> I dunno if any of you have tried it, but we can use nobody for the Coreutils >> tests. Add "nogroup" and "nobody" to /etc/group, and "nobody" in /etc/passwd >> in the "nobody" group. For the src/su command, add '-s /bin/sh' so >> that /bin/false won't be used. > > That seems fine to me.
I don't agree. The nobody user should never have a valid login shell or home directory. If a temporary user is needed for the Coreutils tests, add a temp user and then as the INSTALL file says, `sudo env NON_ROOT_USERNAME=$USER make -k check`. Delete the temp user when done. I know we don't build sudo in LFS, but perhaps an equivalent su command could be used. >> I'd also like to suggest we use /sbin/nologin (from Shadow), instead >> of /bin/false. 'nologin' is the same as 'false', except it gives a polite >> message explaining the account is suspended. It's intended for login >> accounts, while /bin/false is intended for everything else. > > Also seems fine to me, but I have no idea what the > history/implications of that change would be. Using /sbin/nologin to give a "polite" message for accounts that should *never* be tried is overkill. To me, its not an accident and users trying that don't need or deserve courtesy. I prefer /bin/false. That said, it doesn't make a practical difference. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
