From owner-freebsd-security Fri Mar 22 12:49:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from goofy.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id C3A3C37B42F for ; Fri, 22 Mar 2002 12:48:53 -0800 (PST) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id ; Fri, 22 Mar 2002 12:48:52 -0800 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF4C4@goofy.epylon.lan> From: "DiCioccio, Jason" To: 'Anthony Schneider' , Fernan Aguero Cc: FreeBSD Security Subject: RE: su -c user command not working Date: Fri, 22 Mar 2002 12:48:51 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also you can try: su -m man -c catman Cheers, - -JD- - -----Original Message----- From: Anthony Schneider [mailto:aschneid@mail.slc.edu] Sent: Friday, March 22, 2002 12:37 PM To: Fernan Aguero Cc: FreeBSD Security Subject: Re: su -c user command not working the -c flag passes a command to the shell of the user you are su'ing to, so since user man's shell is /sbin/nologin, /sbin/nologin is (according to su) supposed to interpret the command 'catman' and execute it, however /sbin/nologin doesn't interpret commands, it just prints the message "This account is currently unavailable" (just as it did for you) and then exits. for 'su -c' to work, the user you are su'ing to needs something to actually interpret the command. i suggest you either change that user's passwd info to have such a shell, or you to an account that has such a shell. as for xterm reading your .cshrc, you need to pass it the option -ls, which tells it to launch a login shell. - -Anthony. On Fri, Mar 22, 2002 at 04:58:17PM -0300, Fernan Aguero wrote: > I wonder if this is security related. > > Basically I'd like to know if this has been disabled for security > reasons. > > According to su(1) you can do something like: > su man -c catman > Runs the command catman as user man. You will be asked for man's > password unless your real UID is 0. > > However, I am refused to run the example in this way (I am root, of > course). > > root> su man -c catman > This account is currently not available. > > man is listed in /etc/passwd with /sbin/nologin as shell > > I'd also like to know why my ~/.cshrc is not read when I log in or > open an xterm. I have to source it every time. Is this also related to > the previous issue (disabled for some reason?) > > I am running FreeBSD-4.3 (RELENG_4_3), and except for some minor > things haven't done major configuration or editing of system base > defaults. > > Thanks in advance for any help or pointers, > > Fernan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message - ----------------------------------------------- PGP key at: http://www.keyserver.net/ http://www.anthonydotcom.com/gpgkey/key.txt Home: http://www.anthonydotcom.com - ----------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPJuavL8+wXo6G32BEQK23wCgr5TyDqR9zUajg1uWkPqvQQuh0EAAoJpD dA74dD2l2qZhlsTXVTPaOTHx =U3B4 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message