On Tue, 13 Mar 2007, Kenneth Burgener wrote:

I got around to trying this today, but when I run my program I get an
error saying:

[EMAIL PROTECTED] ~]# su -l myuser -c "/usr/myapp/myprogram"
"This account is currently not available."

Originally I created this user in /etc/passwd as follows:

myuser:x:500:500::/tmp:/sbin/nologin

When I changed the shell parameter to:

myuser:x:500:500::/tmp:/bin/bash

I was able to run it fine, and it showed up in the 'ps' list as running
as myuser:

# ps aux
...
myuser  2470 0.0 0.0 5956 372 ? Ss 16:36 0:00 /usr/myapp/myprogram

and all files created by 'myprogram' are created as the 'myuser'
program, which is what I wanted.  But I wonder if having the 'myuser'
with a default shell (and no password) would be a security hole, and
possibly allow someone to SSH to my box using this user account.  I
noticed all other daemon users have "/sbin/nologin" as their default
shell, and I assume they do this for a reason.

Should I be concerned with this?


Yes, be very concerned.

What was the IP of that machine again?  ;)

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
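
An added example, not part of either post in this thread: a small audit that lists accounts whose `/etc/passwd` shell permits an interactive login and shows the state of each one's shadow password field, which is the combination the question above asks about. The sample files are constructed; modelling "no password" as an empty shadow field for `myuser` is an assumption, and `svc2` is a hypothetical account.

```shell
#!/bin/sh
# List accounts whose passwd shell allows login, with their shadow password state.
audit_login_shells() {   # usage: audit_login_shells PASSWD_FILE SHADOW_FILE
    awk -F: '
        # First file (shadow format): classify field 2, the password hash.
        FILENAME == ARGV[1] {
            if ($2 == "")           state[$1] = "EMPTY"    # no password required
            else if ($2 ~ /^[!*]/)  state[$1] = "locked"   # password login disabled
            else                    state[$1] = "set"
            next
        }
        # Second file (passwd format): field 7 is the login shell.
        /^#/ || NF < 7 { next }
        $7 ~ /\/(nologin|false)$/ { next }    # non-login shells are not reported
        {
            shell = ($7 == "") ? "/bin/sh (default)" : $7
            pw = ($1 in state) ? state[$1] : "unknown"
            print $1 ":" $3 ":" shell ":" pw
        }
    ' "$2" "$1"
}

demo_audit() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data; the myuser line is the /bin/bash entry from the thread.
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
myuser:x:500:500::/tmp:/bin/bash
svc2:x:501:501::/tmp:/sbin/nologin
EOF
    # Assumption: myuser has an empty password field; svc2 is locked.
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$hash:13585:0:99999:7:::
daemon:*:13585:0:99999:7:::
myuser::13585:0:99999:7:::
svc2:!!:13585:0:99999:7:::
EOF
    audit_login_shells "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

On a real host the call is `audit_login_shells /etc/passwd /etc/shadow` as root. Also as root, `su -s /bin/sh myuser -c "/usr/myapp/myprogram"` starts the program as `myuser` while the passwd entry keeps `/sbin/nologin`.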
