Dangers of using a non-base shell

Giorgos Keramidas keramida at ceid.upatras.gr
Fri Nov 9 14:48:38 PST 2007


On 2007-11-09 18:10, Alex Zbyslaw <xfb52 at dial.pipex.com> wrote:
> Giorgos Keramidas wrote:
>> i.e. here's an ftp session on my laptop:
>>
>> 	root@kobe:/root# fgrep ftp: /etc/passwd
>> 	ftp:*:1003:1003:& user:/home/ftp:/usr/sbin/nologin
>> 	root@kobe:/root# su ftp
>> 	root@kobe:/root$ id
>> 	uid=1003(ftp) gid=1003 groups=1003
>> 	root@kobe:/root$
>
> Must be new, because in 5.4 I get:
> [...]
> I find the behaviour you get definitely undesirable.  There are
> occasionally accounts that have special purpose shells which do work in
> some restricted fashion which you *might* want to use (in which case
> you can su) or which you might not (so you su -m). [...]

False alarm.  I had a desynced /etc/pwd.db when this happened.

The correct behavior with nologin as the shell is:

  root@kobe:/root# su ftp
  This account is currently not available.
  root@kobe:/root#

> Confused.

I apologize for the confusion :/
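
An added example, not part of the original message: a sh function that compares each account's login shell in the flat /etc/passwd with what the password database lookup returns through getent(1), which is the kind of mismatch a desynced /etc/pwd.db produces. The function names and the lookup hook are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Reports accounts whose shell in the flat passwd file differs from the
# shell returned by the system lookup, which on FreeBSD reads /etc/pwd.db.

# Default lookup: ask the resolver for one account with getent(1).
lookup_entry() {
    getent passwd "$1"
}

# passwd_shell_desync FILE [LOOKUP_FUNCTION]
# Prints one line per mismatch and returns 1 if any mismatch was found.
passwd_shell_desync() {
    file=$1
    lookup=${2:-lookup_entry}
    rc=0
    while IFS=: read -r name pw uid gid gecos home shell; do
        # Skip blank lines, comments and NIS compat (+/-) entries.
        case $name in
            ''|'#'*|+*|-*) continue ;;
        esac
        entry=$("$lookup" "$name" </dev/null) || entry=
        if [ -z "$entry" ]; then
            echo "$name: file=$shell db=<no entry>"
            rc=1
            continue
        fi
        # The shell is the last colon-separated field of the entry.
        db_shell=${entry##*:}
        if [ "$db_shell" != "$shell" ]; then
            echo "$name: file=$shell db=$db_shell"
            rc=1
        fi
    done < "$file"
    return $rc
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    passwd_shell_desync /etc/passwd
fi
```

On FreeBSD the databases are rebuilt from /etc/master.passwd with `pwd_mkdb -p /etc/master.passwd`, after which this check should print nothing.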