Date: Sat, 10 Nov 2007 00:47:54 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Alex Zbyslaw <xfb52@dial.pipex.com> Cc: freebsd-questions@freebsd.org Subject: Re: Dangers of using a non-base shell Message-ID: <20071109224754.GA35295@kobe.laptop> In-Reply-To: <4734A293.7040106@dial.pipex.com> References: <472647A0.3030009@brookes.ac.uk> <20071030113912.GB3941@kobe.laptop> <20071109155558.GF8728@amilo.cenkes.org> <20071109160809.GA14984@kobe.laptop> <47348BF9.7050402@dial.pipex.com> <20071109171716.GA16016@kobe.laptop> <4734A293.7040106@dial.pipex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2007-11-09 18:10, Alex Zbyslaw <xfb52@dial.pipex.com> wrote: > Giorgos Keramidas wrote: >> i.e. here's an ftp session on my laptop: >> >> root@kobe:/root# fgrep ftp: /etc/passwd >> ftp:*:1003:1003:& user:/home/ftp:/usr/sbin/nologin >> root@kobe:/root# su ftp >> root@kobe:/root$ id >> uid=1003(ftp) gid=1003 groups=1003 >> root@kobe:/root$ > > Must be new, because in 5.4 I get: > [...] > I find the behaviour you get definitely undesirable. There are > occasionally accounts have special purpose shells which do work in > some restricted fashion which you *might* want to use (in which case > you can su) or which you might not (so you su -m). [...] False alarm. I had a desynced /etc/pwd.db when this happened. The correct behavior with nologin as the shell is: root@kobe:/root# su ftp This account is currently not available. root@kobe:/root# > Confused. I apologize for the confusion :/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071109224754.GA35295>