
Re: Bug#25882: The 'users' gid: sync, games, and man



On Tue, Feb 11, 2003 at 01:23:49PM +0100, Russell Coker wrote:
> On Tue, 11 Feb 2003 11:17, Colin Watson wrote:
> > +games:*:5:60:games:/usr/games:/bin/sh
> > +man:*:6:12:man:/var/cache/man:/bin/sh
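Review bot: the last field of both added lines gives games and man /bin/sh as the login shell, although the password field is "*", so the accounts cannot authenticate by password but still carry an interactive shell. If nothing depends on a plain su to these users, a non-login value such as /bin/false in that field would be tighter; if something does, that dependency is worth recording next to the entries.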
> 
> That is good apart from one thing.  I don't think that there is any good 
> reason for giving a login shell for "games" or "man".  No-one should ever 
> login to those accounts in a normal setup and therefore the default shell 
> should be /bin/false.

Agreed. However, that's entirely separate from this bug, so let's please
keep it separate. I thought you'd filed it as a bug against base-passwd
already, although it seems not. I was aware of it, though.

I'm somewhat concerned about the effect that changing man's shell to
/bin/false would have on people who didn't accept woody's conffile
changes to /etc/cron.*/man-db to use start-stop-daemon instead of su
(trust me, there will be plenty of these people), not to mention that I
frequently suggest that people run 'mandb -d' as the man user in order
to narrow down bug reports. I suppose I'll have to start telling them to
run 'su -s /bin/sh -c "mandb -d" - man' as root, or some such.

It's a shame that we don't have a better way to run a program as another
user. su generates syslog entries and requires a valid shell in
/etc/passwd unless you use -s. start-stop-daemon hits my overkill button
every time I see it used for this, it needs strange hacks like
'--pidfile /dev/null' to run programs that aren't daemons, and its
command lines tend to be rather long. sudo isn't in the base system and
it requires special configuration. I'd like something that has roughly
sudo's argument syntax but authenticates like su.

[Please direct replies away from 25882@bugs.debian.org; this is no
longer relevant to it.]

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
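
Added example, not part of the original message or of any Debian package: a small POSIX shell check that reads a passwd(5)-format file, flags locked accounts that still have an interactive shell, and prints the su form that keeps working once an account's shell is /bin/false. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format: "games" as in the quoted patch,
# "man" with the shell already changed to /bin/false.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/false
EOF
}

# classify_accounts FILE
# Prints "name:verdict" for every well-formed entry, where verdict is
#   login-shell  password field locked ("*" or "!") but shell is interactive
#   needs-su-s   shell is a non-login shell, so "su -c cmd - name" fails
#                unless the caller adds "-s /bin/sh"
#   ok           anything else
classify_accounts() {
    awk -F: '
        NF != 7 { next }                        # skip malformed lines
        {
            locked  = ($2 ~ /^[*!]/)
            nologin = ($7 == "/bin/false" || $7 ~ /\/nologin$/)
            if (nologin)     v = "needs-su-s"
            else if (locked) v = "login-shell"
            else             v = "ok"
            print $1 ":" v
        }' "$1"
}

# su_command USER CMD FILE
# Prints the su invocation (to be run as root) that works for USER given
# the shell recorded in FILE; returns 1 if USER has no entry.
su_command() {
    verdict=$(classify_accounts "$3" | awk -F: -v u="$1" '$1 == u { print $2 }')
    case "$verdict" in
        needs-su-s) printf 'su -s /bin/sh -c "%s" - %s\n' "$2" "$1" ;;
        "")         return 1 ;;
        *)          printf 'su -c "%s" - %s\n' "$2" "$1" ;;
    esac
}
```

Running classify_accounts against a copy of /etc/passwd before changing a system account's shell shows which cron jobs or support instructions that call su without -s would stop working.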


