Dan Nicholson wrote:
> On 3/25/07, Bruce Dubbs <[EMAIL PROTECTED]> wrote:
>> Dan Nicholson wrote:
>>> On 3/25/07, Robert Connolly <[EMAIL PROTECTED]> wrote:
>>>> I dunno if any of you have tried it, but we can use nobody for the
>>>> Coreutils tests. Add "nogroup" and "nobody" to /etc/group, and
>>>> "nobody" in /etc/passwd in the "nobody" group. For the src/su
>>>> command, add '-s /bin/sh' so that /bin/false won't be used.
>>> That seems fine to me.
>> I don't agree. The nobody user should never have a valid login shell or
>> home directory. If a temporary user is needed for the Coreutils tests,
>> add a temp user and then as the INSTALL file says,
>> `sudo env NON_ROOT_USERNAME=$USER make -k check`.
>> Delete the temp user when done.
>
> If I understand Robert correctly, the nobody user doesn't have to have
> a valid home directory or login shell. He's just saying to execute su
> -s /bin/bash ... so that /bin/false isn't used. You can do this
> anyway right now.
>
> # grep ^nobody /etc/passwd
> nobody:x:99:99:unprivileged nobody:/dev/null:/bin/false
> # su -s /bin/bash nobody -c "echo no home directory needed"
> no home directory needed
>
> Oh, we already create nobody:nobody in LFS, so we could do this right now.

I see. I withdraw my objection.

>>>> I'd also like to suggest we use /sbin/nologin (from Shadow), instead
>>>> of /bin/false. 'nologin' is the same as 'false', except it gives a polite
>>>> message explaining the account is suspended. It's intended for login
>>>> accounts, while /bin/false is intended for everything else.
>>> Also seems fine to me, but I have no idea what the
>>> history/implications of that change would be.
>> Using /sbin/nologin to give a "polite" message for accounts that should
>> *never* be tried is overkill. To me, it's not an accident and users
>> trying that don't need or deserve courtesy. I prefer /bin/false.
>>
>> That said, it doesn't make a practical difference.
>
> Sure. Maybe it's worth a mention that system users get /bin/false but
> that /sbin/nologin can also be used. In fact, I don't think that the
> /dev/null home directory, /bin/false login shell is currently
> explained anywhere in LFS or BLFS. The discussion would be good even
> if we don't change the current situation. I know it seemed strange to
> me the first time I saw one of those entries in passwd.

Additional explanation in chapter06/createfiles.html would never be a bad thing.

  -- Bruce
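
An added example (not part of the original thread or of LFS): a shell function that lists system accounts in a passwd-format file whose shell is neither /bin/false nor /sbin/nologin, such as a temporary test user that was never deleted. The 1 to 999 UID range, the function names and every sample entry except the nobody line are assumptions.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for system accounts that still
# have a usable login shell.
# Assumption: UIDs 1..999 are system accounts (this range is not from the thread).
SYS_UID_MAX=999

# audit_passwd FILE
# Prints "name:uid:shell" for every system account whose shell is not one of
# the two non-login shells discussed in the thread.
audit_passwd() {
    awk -F: -v max="$SYS_UID_MAX" '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        $3 >= 1 && $3 <= max {
            shell = $7
            # An empty shell field is also reported, because login programs
            # fall back to /bin/sh when the field is blank.
            if (shell != "/bin/false" && shell != "/sbin/nologin")
                print $1 ":" $3 ":" shell
        }
    ' "$1"
}

# Constructed sample input. Only the nobody line is taken from the thread;
# "tester" stands in for a temporary test user that was left behind.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/dev/null:/bin/false
nobody:x:99:99:unprivileged nobody:/dev/null:/bin/false
tester:x:101:101:temp test user:/home/tester:/bin/bash
daemon:x:6:6:daemon:/dev/null:/sbin/nologin
EOF
}
```

As the `su -s` session quoted in the thread shows, root can still run commands as these accounts, so the check concerns login access only.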