Date: Sat, 3 Oct 2015 12:51:17 -0700 From: "Simon J. Gerraty" <sjg@juniper.net> To: Bryan Drewery <bdrewery@FreeBSD.org> Cc: Jilles Tjoelker <jilles@stack.nl>, <freebsd-arch@FreeBSD.org>, <sjg@juniper.net> Subject: Re: login -f changing session getlogin(2) Message-ID: <16315.1443901877@chaos> In-Reply-To: <56101026.7060206@FreeBSD.org> References: <560D826D.7000302@FreeBSD.org> <20151001203436.GA22737@stack.nl> <560DAD6D.7050007@FreeBSD.org> <28007.1443892369@chaos> <56101026.7060206@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bryan Drewery <bdrewery@FreeBSD.org> wrote: > This still ignores that 'su -l' does the opposite. The opposite of what? fwiw I'm not sure I'd want su - calling setlogin() but then I'm never trying to really masquerade as someone else to the extent that would matter. > Sometimes sysadmins need to masquerade as users for support. Having a > user hand over their SSH password, or adding a password to a service > user that should NOT have remote access, is not the answer. There needs > to be a way to login fully as a user for debugging issues as that user. There are many ways to skin that cat (eg append your pub key to their .ssh/authorized_keys) The easiest is to just use 'login -f' as you are doing, and when finished logout completely. I don't think anyone said you cannot use 'login -f', just that your use isn't what it was intended for. Adding a BUG/NOTE to the man page to warn anyone using it in this way to fully logout afterwards is a simple "solution".
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16315.1443901877>