
Re: mandb wrapper scripts



On Sun, Feb 06, 2000 at 02:54:10AM -0900, Ethan Benson wrote:
> 
> There are a couple things about the new wrapper scripts for man and
> mandb that I am wondering about...

good

 
> these scripts now check to see if the invoking user is root and if so
> change to nobody before executing the real setuid man/mandb, first
> why user nobody? the uid will just end up as man anyway so why use
> nobody?

Because man and mandb do only the minimum of the job using man
privileges.

> the problem with using nobody is some admins prefer to not
> give nobody a valid shell, (see a past thread on that) so if they have
> changed nobody's shell to say /bin/false mandb and man no longer work
> at all as root.

Humm, looks like a valid point, although I thought that "nobody" was a
"user" who cannot interfere with the filesystem (as he owns no
permissions). If "nobody" owns no file, and no shell, what's his usage
at all?
I will search archives for the past thread, as I'm curious.

 
> the second thing i find odd in these scripts is the way they check the
> user's uid, they test writability of /root.. 
> 
> [ `id -u` = 0 ] && exec ...
> 
> this unambiguously tests for uid 0 status 

This is taken. Absolutely.

fab
-- 
| fab@pukki.ntc.nokia.com     fpolacco@prosa.it    fpolacco@debian.org
| 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
| fabrizio.polacco@nokia.com                  gsm: +358 (0)40 707 2468
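
The two points raised in this message, as an added example that is not part of the original mail or of the man-db wrapper scripts: the root test compares `id -u` with 0, and a pre-flight check reports whether the account the wrapper drops to can run commands at all. It assumes the wrapper switches user with `su`, which runs the target account's login shell; the function names and the passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample data are hypothetical.

# Unambiguous root test from the thread: compare the numeric uid with 0.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Print the login shell of account $1 from passwd-format file $2.
# An empty seventh field means /bin/sh, as documented in passwd(5).
login_shell() {
    awk -F: -v u="$1" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { exit !found }' "$2"
}

# Succeed only if account $1 in passwd file $2 has a shell able to run
# commands passed by su. Heuristic: reject the usual placeholder shells.
can_run_commands() {
    shell=$(login_shell "$1" "$2") || return 1
    case "${shell##*/}" in
        false|nologin|true) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed passwd entries: nobody has been given /bin/false, man has not.
make_sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
man:x:6:12:man:/var/cache/man:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
EOF
    echo "$f"
}

sample=$(make_sample_passwd)
if is_root; then echo "invoked as root"; else echo "invoked as uid $(id -u)"; fi
for account in nobody man; do
    if can_run_commands "$account" "$sample"; then
        echo "$account: commands can be run through su"
    else
        echo "$account: shell $(login_shell "$account" "$sample") cannot run commands"
    fi
done
rm -f "$sample"
```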

