
Re: shell of place-holder accounts (shouldn't be a valid shell)



Raul Miller <rdm@test.legislate.com> writes:

> Chris Ulrich <cdulrich@ucdavis.edu> wrote:
> >   On most unix systems, there are accounts that exist not for users
> > but to make the filesystem look nice (uids get names instead of
> > numbers with ls) or, for security, to isolate special purpose processes
> > from the rest of the system. Examples of this are the nobody user, for
> > root squashed NFS, the qmail user for the different qmail daemons, the
> > http user for the web server, and so on. Debian has quite a few of
> > these users in the default /etc/passwd.

And note that "nobody" has a world writeable home directory - /tmp.

> These are not there only to make sure that ls looks nice.  These
> entries also are there to ensure that these ids are not inadvertently
> reused.
> 
> >   Given that these accounts *never* need to have someone use them, it
> > seems like a needless security flaw to give them a shell in /etc/passwd.
> 
> Note that some of the uids you gave as examples have something
> appropriate (/bin/false) for their shell.
> 
> However, overall I agree that passwordless system ids should all have
> /bin/false.  (And there should be some well advertised debian mechanism
> besides su for root to adopt these identities -- one that always uses
> $SHELL or /bin/sh.)

sudo -u <user> /bin/sh
does this, but many people don't want sudo.

But this utility shouldn't be too hard to write.  Something like the
following might work, though it would be better if it accepted a
second parameter that was the command to run instead of /bin/sh.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/types.h>

int main(int argc, char *argv[])
{
  struct passwd *pwdptr;

  if (argc != 2) {printf("Usage: %s user-id\n", argv[0]); exit(2);}
  pwdptr = getpwnam(argv[1]);
  if (pwdptr == NULL) {fprintf(stderr, "%s: no such user\n", argv[1]); exit(1);}
  /* Drop the group first: once the uid is no longer root, setregid would fail. */
  if (setregid(pwdptr->pw_gid, pwdptr->pw_gid) != 0) {perror("setregid"); exit(1);}
  if (setreuid(pwdptr->pw_uid, pwdptr->pw_uid) != 0) {perror("setreuid"); exit(1);}
  /* execl's argument list must be terminated by a NULL pointer. */
  execl("/bin/sh", "/bin/sh", (char *)NULL);
  perror("exec");
  exit(1);
}
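A fuller version of the utility sketched above, added here as an example and not the poster's code: it takes the optional command the poster asked for (defaulting to /bin/sh), drops supplementary groups, sets the gid before the uid, and refuses to exec unless the identity switch actually took effect. It assumes it is started as root; the names pick_command, ids_match and drop_to are this example's own.

```c
#define _DEFAULT_SOURCE            /* for setreuid/setregid/initgroups prototypes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>

/* The command is everything after the user name; default to /bin/sh. */
char **pick_command(int argc, char *argv[], char *fallback[])
{
  return argc > 2 ? &argv[2] : fallback;
}

/* 1 if real and effective uid and gid are all the requested ones.
 * Used to refuse the exec if any set*id call failed without our noticing. */
int ids_match(uid_t uid, gid_t gid)
{
  return getuid() == uid && geteuid() == uid &&
         getgid() == gid && getegid() == gid;
}

/* Drop to the account: supplementary groups, then gid, then uid last,
 * because after the uid change we can no longer touch the groups. */
int drop_to(const struct passwd *pw)
{
  if (initgroups(pw->pw_name, pw->pw_gid) != 0) { perror("initgroups"); return -1; }
  if (setregid(pw->pw_gid, pw->pw_gid) != 0)    { perror("setregid");   return -1; }
  if (setreuid(pw->pw_uid, pw->pw_uid) != 0)    { perror("setreuid");   return -1; }
  return ids_match(pw->pw_uid, pw->pw_gid) ? 0 : -1;
}

int main(int argc, char *argv[])
{
  static char *shell[] = { "/bin/sh", NULL };
  char **cmd = pick_command(argc, argv, shell);
  struct passwd *pw;

  if (argc < 2) { fprintf(stderr, "Usage: %s user [command ...]\n", argv[0]); return 2; }
  pw = getpwnam(argv[1]);
  if (pw == NULL) { fprintf(stderr, "%s: no such user\n", argv[1]); return 1; }
  if (drop_to(pw) != 0) return 1;      /* never exec with leftover privilege */
  execv(cmd[0], cmd);                  /* absolute path expected, no PATH lookup */
  perror(cmd[0]);
  return 1;
}
```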

