login -f changing session getlogin(2)
Simon J. Gerraty
sjg at juniper.net
Sat Oct 3 19:52:10 UTC 2015
Bryan Drewery <bdrewery at FreeBSD.org> wrote:
> This still ignores that 'su -l' does the opposite.
The opposite of what?
fwiw I'm not sure I'd want su - calling setlogin()
but then I'm never trying to really masquerade as someone else to the
extent that would matter.
> Sometimes sysadmins need to masquerade as users for support. Having a
> user hand over their SSH password, or adding a password to a service
> user that should NOT have remote access, is not the answer. There needs
> to be a way to login fully as a user for debugging issues as that user.
There are many ways to skin that cat (eg append your pub key to their
.ssh/authorized_keys)
The easiest is to just use 'login -f' as you are doing, and when
finished logout completely.
I don't think anyone said you cannot use 'login -f',
just that your use isn't what it was intended for.
Adding a BUG/NOTE to the man page to warn anyone using it in this way
to fully logout afterwards is a simple "solution".
More information about the freebsd-arch
mailing list