On 7/21/2011 4:00 PM, Daniel Neuberger wrote:
On Thu, Jul 21, 2011 at 2:13 PM, Nico Kadel-Garcia<nka...@gmail.com> wrote:
Don't give the shared "svn" user a valid shell!!!! If an administrator
needs to run operations as that user, to manipulate config files or
create new repositories, they can do "sudo -s -H -u svn" to get a
valid shell as the administrative user. Sudo can even be configured to
allow designated users such administrative access without requing
local root privileges at all.
Hmm, why didn't I think of that? It doesn't seem to work though.
Setting the shell to /bin/nologin or even just fakeshell breaks
everything. Is there another way to give an invalid shell?
How about /bin/false? This is the "shell" defined for all of the
non-login (e.g. daemon) accounts on my machines.
--
David Chapman dcchap...@acm.org
Chapman Consulting -- San Jose, CA
