From owner-freebsd-questions@FreeBSD.ORG Thu Feb 14 15:02:00 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 483B116A418 for ; Thu, 14 Feb 2008 15:02:00 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (mail.computinginnovations.com [64.81.227.250]) by mx1.freebsd.org (Postfix) with ESMTP id DEBDA13C4CE for ; Thu, 14 Feb 2008 15:01:59 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from p28.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.14.2/8.13.8) with ESMTP id m1EF1hB1060357; Thu, 14 Feb 2008 09:01:44 -0600 (CST) (envelope-from derek@computinginnovations.com) Message-Id: <6.0.0.22.2.20080214085041.02438ce8@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Thu, 14 Feb 2008 09:01:08 -0600 To: Alex Zbyslaw , freebsd-questions@freebsd.org From: Derek Ragona In-Reply-To: <47B44D25.10804@dial.pipex.com> References: <6.0.0.22.2.20080212190133.024c3008@mail.computinginnovations.com> <6.0.0.22.2.20080213125757.02532c58@mail.computinginnovations.com> <47B44D25.10804@dial.pipex.com> Mime-Version: 1.0 X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Help with su on 6.3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2008 15:02:00 -0000 At 08:16 AM 2/14/2008, Alex Zbyslaw wrote: >Derek Ragona wrote: > >>I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for >>users like these. Of course you can't test these interactively with >>su. If you want to do that, give the account a valid login shell, test >>it, then set it to false or nologin. >It's not clear to me what you mean by "you can't test these interactively >with su". If you mean you can't su to them and get a shell; that's wrong. > >su -m account_with_fake_shell > >--Alex Alex, What I meant to say was that you can: su -m account_with_fake_shell But you can't: su - account_with_fake_shell and then test any command and scripts in the user's environment. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.