Date:      Mon, 29 Oct 2001 03:30:03 -0800 (PST)
From:      Peter Pentchev <roam@ringlet.net>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: i386/31582: "su nobody -c command" refuses to work
Message-ID:  <200110291130.f9TBU3p45053@freefall.freebsd.org>

The following reply was made to PR i386/31582; it has been noted by GNATS.

From: Peter Pentchev <roam@ringlet.net>
To: oleg dashevskii <od@iclub.nsu.ru>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: i386/31582: "su nobody -c command" refuses to work
Date: Mon, 29 Oct 2001 14:27:17 +0200

 On Mon, Oct 29, 2001 at 04:04:05PM +0600, oleg dashevskii wrote:
 > 
 > >Number:         31582
 > >Category:       i386
 > >Synopsis:       "su nobody -c command" refuses to work
 > >Originator:     oleg dashevskii
 > >Release:        FreeBSD 4.4-STABLE i386
 > >Organization:
 > NSU
 > >Environment:
 > System: FreeBSD iclub.nsu.ru 4.4-STABLE FreeBSD 4.4-STABLE #6: Thu Oct 4 22:35:22 NSS 2001 root@iclub.nsu.ru:/usr/obj/usr/src/sys/iclub i386
 > 
 > >Description:
 > 	su refuses to work for users which have /sbin/nologin as the shell.
 > 	e.g., su man -c catman as specified in `man su` outputs
 > 	"This account is currently not available"
 > 	I've run into this problem trying to issue a command with nobody UID.
 > 
 > >How-To-Repeat:
 > 	su man -c catman
 > >Fix:
 > 	???
 
 Okay, this is currently not documented clearly in the su(1) manual page.
 The option -m, as used by the startup and periodic scripts, is what you
 need - if you specify -m, su(1) does not try to invoke the user's shell,
 but executes your own (root's) login shell.  One look at the periodic
 scripts would have shown you the syntax used there:
 
 [root@straylight:p0 /etc]# fgrep -w su rc* periodic/*/*
 rc.network:		su -m ${ppp_user} -c "exec ${ppp_command}"
 periodic/daily/340.uucp:	    echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
 periodic/weekly/300.uucp:	    echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
 periodic/weekly/310.locate:	echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
 periodic/weekly/330.catman:			su -fm man || rc=3
 periodic/weekly/330.catman:				"$MANPATH" | su -fm man || rc=3
 [root@straylight:p0 /etc]#
 
 And a demonstration:
 
 [root@straylight:v0 /etc]# su nobody -c id
 This account is currently not available.
 [root@straylight:v0 /etc]# su -m nobody -c id
 uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
 [root@straylight:v0 /etc]#
 
 Hope that helps.
 
 G'luck,
 Peter
 
 -- 
 "yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
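
The check below is an added example, not part of the original message or of FreeBSD's scripts: it scans script lines for `su` calls that target an account whose shell is nologin and that omit `-m`, the case that fails with "This account is currently not available." The helper name `audit_su` and both sample inputs are constructed for illustration; options that take an argument before the login name are not handled.

```shell
#!/bin/sh
# Added example. Sample data is constructed, not taken from the reporter's system.
PASSWD_SAMPLE='root:*:0:0:Charlie &:/root:/bin/csh
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
alice:*:1001:1001:Constructed user:/home/alice:/bin/sh'

SCRIPT_SAMPLE='su man -c catman
su -m nobody -c id
echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
su alice -c id
su -l nobody -c id'

# audit_su PASSWD_TEXT SCRIPT_TEXT   (hypothetical helper name)
# Prints "N: line" for every script line N where su targets a nologin
# account without -m, so su would try to run that account's shell.
audit_su() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        # The first "---" line separates passwd entries from script lines.
        $0 == "---" && !in_script { in_script = 1; next }
        !in_script {
            # passwd(5): the shell is the last colon-separated field.
            k = split($0, f, ":")
            if (k >= 7 && f[k] ~ /\/nologin$/) nologin[f[1]] = 1
            next
        }
        {
            n++
            for (i = 1; i <= NF; i++) {
                if ($i != "su" && $i !~ /\/su$/) continue
                keep = 0
                j = i + 1
                # Walk the option clusters that precede the login name.
                while (j <= NF && $j ~ /^-/) {
                    if ($j ~ /^-[A-Za-z]*m/) keep = 1   # -m, -fm, ...
                    j++
                }
                if (j <= NF && ($j in nologin) && !keep) print n ": " $0
                break
            }
        }'
}

audit_su "$PASSWD_SAMPLE" "$SCRIPT_SAMPLE"
```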
