Date:      Sat, 3 Oct 2015 13:14:32 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        "Simon J. Gerraty" <sjg@juniper.net>
Cc:        Jilles Tjoelker <jilles@stack.nl>, freebsd-arch@FreeBSD.org
Subject:   Re: login -f changing session getlogin(2)
Message-ID:  <56103728.5060008@FreeBSD.org>
In-Reply-To: <16315.1443901877@chaos>
References:  <560D826D.7000302@FreeBSD.org> <20151001203436.GA22737@stack.nl> <560DAD6D.7050007@FreeBSD.org> <28007.1443892369@chaos> <56101026.7060206@FreeBSD.org> <16315.1443901877@chaos>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 10/3/2015 12:51 PM, Simon J. Gerraty wrote:
> Bryan Drewery <bdrewery@FreeBSD.org> wrote:
>> This still ignores that 'su -l' does the opposite.
>
> The opposite of what?
> fwiw I'm not sure I'd want su - calling setlogin()
> but then I'm never trying to really masquerade as someone else to the
> extent that would matter.

I said this in another mail. su -l does not change logname, so things
like 'mail' send the mail as 'root' rather than the user.

su.1 claims to set USER to the target user. It does, but lacking the
documentation for a kernel implementation detail of logname it does not
convey that setting USER is not the full story.

So both login and su have unexpected behavior no matter how you look at it.

>
>> Sometimes sysadmins need to masquerade as users for support. Having a
>> user hand over their SSH password, or adding a password to a service
>> user that should NOT have remote access, is not the answer.  There needs
>> to be a way to login fully as a user for debugging issues as that user.
>
> There are many ways to skin that cat (eg append your pub key to their
> .ssh/authorized_keys)
> The easiest is to just use 'login -f' as you are doing, and when
> finished logout completely.

Why does SSH need to even be involved here? This is what I mean by
bigger issues.

-- 
Regards,
Bryan Drewery
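
Added example, not part of the message above and not FreeBSD source: a small C check that compares the session login name from getlogin(2) with $USER and with the passwd name of the real uid, which is the discrepancy the thread describes for 'su -l'. The function name `identity_mismatch` and the flag macros are hypothetical, chosen for this illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MISMATCH_LOGIN_USER 0x1u /* getlogin() differs from $USER */
#define MISMATCH_LOGIN_UID  0x2u /* getlogin() differs from passwd name of uid */
#define MISMATCH_USER_UID   0x4u /* $USER differs from passwd name of uid */
#define LOGIN_UNAVAILABLE   0x8u /* no session login name could be obtained */

/* Pure comparison of the three identity sources, so it can be exercised
 * with constructed values as well as with live ones. */
unsigned identity_mismatch(const char *login, const char *env_user,
                           const char *pw_name)
{
    unsigned flags = 0;

    if (login == NULL || *login == '\0') {
        flags |= LOGIN_UNAVAILABLE;   /* e.g. no controlling session */
    } else {
        if (env_user && strcmp(login, env_user) != 0)
            flags |= MISMATCH_LOGIN_USER;
        if (pw_name && strcmp(login, pw_name) != 0)
            flags |= MISMATCH_LOGIN_UID;
    }
    if (env_user && pw_name && strcmp(env_user, pw_name) != 0)
        flags |= MISMATCH_USER_UID;
    return flags;
}

int main(void)
{
    const char *login = getlogin();            /* session login name */
    const char *env_user = getenv("USER");     /* environment, set by su -l */
    struct passwd *pw = getpwuid(getuid());    /* passwd entry of real uid */
    const char *pw_name = pw ? pw->pw_name : NULL;
    unsigned flags = identity_mismatch(login, env_user, pw_name);

    printf("getlogin()=%s USER=%s uid-name=%s flags=0x%x\n",
           login ? login : "(none)", env_user ? env_user : "(unset)",
           pw_name ? pw_name : "(unknown)", flags);
    return flags ? 1 : 0;                      /* non-zero exit on mismatch */
}
```

Software that picks the acting user for mail or audit records can log these flags to show which of the three sources it trusted.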

