Date: Tue, 03 Apr 2001 11:23:12 -0700 (PDT) From: geniusj@bluenugget.net To: Kherry Zamore <dknj@dknj.org> Cc: freebsd-stable@freebsd.org, freebsd-security@freebsd.org Subject: Re: su change? Message-ID: <986322192.3aca151091d2a@bluenugget.net> In-Reply-To: <005401c0bc63$7cb36650$0202a8c0@majorzoot> References: <005401c0bc63$7cb36650$0202a8c0@majorzoot>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Kherry Zamore <dknj@dknj.org>: > Just recently my friend locked himself out of his machine by changing > root's > shell to a nonexisting file. The only way he could become root again > was by > rebooting the machine into single user mode and changing it from there. > Now > while I know that its foolish to change root's shell in the first place, > i > don't think this is an acceptable punishment for those that do. > I disagree, anything we can do in su to prevent root access when possibly not wanted is great with me. Besides, if your friend had perhaps used chfn instead of vipw to change his root shell, it *should* have bitched at him if the shell did not exist (i'll have to double check this.) But there are an infinite # of conditionals that we could use in your friend's scenario. Perhaps it would be a better idea if vipw would give a warning if you set the root's shell incorrectly? Cheers, -JD- P.S. DKNJ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?986322192.3aca151091d2a>