Date: Mon, 29 Oct 2001 03:30:03 -0800 (PST)
Message-Id: <200110291130.f9TBU3p45053@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Peter Pentchev
Subject: Re: i386/31582: "su nobody -c command" refuses to work

The following reply was made to PR i386/31582; it has been noted by GNATS.

From: Peter Pentchev
To: oleg dashevskii
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: i386/31582: "su nobody -c command" refuses to work
Date: Mon, 29 Oct 2001 14:27:17 +0200

On Mon, Oct 29, 2001 at 04:04:05PM +0600, oleg dashevskii wrote:
>
> >Number: 31582
> >Category: i386
> >Synopsis: "su nobody -c command" refuses to work
> >Originator: oleg dashevskii
> >Release: FreeBSD 4.4-STABLE i386
> >Organization:
> NSU
> >Environment:
> System: FreeBSD iclub.nsu.ru 4.4-STABLE FreeBSD 4.4-STABLE #6: Thu Oct 4 22:35:22 NSS 2001 root@iclub.nsu.ru:/usr/obj/usr/src/sys/iclub i386
>
> >Description:
> su refuses to work for users which have /sbin/nologin as the shell.
> e.g., su man -c catman as specified in `man su` outputs
> "This account is currently not available"
> I've run into this problem trying to issue a command with nobody UID.
>
> >How-To-Repeat:
> su man -c catman
> >Fix:
> ???

Okay, this is currently not documented clearly in the su(1) manual page.
The option -m, as used by the startup and periodic scripts, is what
you need - if you specify -m, su(1) does not try to invoke the user's
shell, but executes your own (root's) login shell. One look at
the periodic scripts would have shown you the syntax used there:

[root@straylight:p0 /etc]# fgrep -w su rc* periodic/*/*
rc.network: su -m ${ppp_user} -c "exec ${ppp_command}"
periodic/daily/340.uucp: echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
periodic/weekly/300.uucp: echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
periodic/weekly/310.locate: echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
periodic/weekly/330.catman: su -fm man || rc=3
periodic/weekly/330.catman: "$MANPATH" | su -fm man || rc=3
[root@straylight:p0 /etc]#

And a demonstration:

[root@straylight:v0 /etc]# su nobody -c id
This account is currently not available.
[root@straylight:v0 /etc]# su -m nobody -c id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
[root@straylight:v0 /etc]#

Hope that helps.

G'luck,
Peter

--
"yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
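
Added example, not part of the original message: a small sh function that lists su(1) calls in scripts that would hit the "This account is currently not available" refusal shown above, i.e. calls whose target account has a nologin shell and that do not pass -m. The function names su_nologin_audit and make_sample, the passwd entries and the script lines are constructed for illustration; it assumes su options come before the login name and take no arguments.

```shell
# Added example: report su(1) calls that target an account whose shell is
# nologin but do not pass -m. Assumes su options precede the login name.

su_nologin_audit() {    # usage: su_nologin_audit PASSWD_FILE SCRIPT...
    passwd_file=$1; shift
    awk -v pw="$passwd_file" '
    BEGIN {
        # Accounts whose shell (7th colon-separated field) is nologin.
        while ((getline line < pw) > 0) {
            n = split(line, f, ":")
            if (n >= 7 && f[7] ~ /\/nologin$/) nologin[f[1]] = 1
        }
    }
    /^[ \t]*#/ { next }                      # ignore comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "su") continue
            has_m = 0
            j = i + 1
            while (j <= NF && $j ~ /^-/) {   # option clusters such as -fm
                if ($j ~ /^-[A-Za-z]*m/) has_m = 1
                j++
            }
            user = (j <= NF) ? $j : "root"   # su with no login means root
            if ((user in nologin) && !has_m)
                printf "%s:%d: su %s needs -m\n", FILENAME, FNR, user
        }
    }' "$@"
}

make_sample() {    # constructed sample data, written into directory $1
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin' \
        'nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin' \
        > "$1/passwd"
    printf '%s\n' \
        '# su nobody -c id   (commented out, ignored)' \
        'su nobody -c id' \
        'echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3' \
        'su man -c catman' \
        'su -m man -c catman' \
        > "$1/job.sh"
}

tmp=$(mktemp -d) && make_sample "$tmp"
su_nologin_audit "$tmp/passwd" "$tmp/job.sh"
rm -rf "$tmp"
```

Only the two calls without -m are reported; the -fm and -m forms used by the periodic scripts pass.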