Re: Why do system users have valid shells
On Wed, 22 Oct 2003 21:37, I.R.van Dongen wrote:
> > > If the shells are changed, there are some really big consequences,
> > > but
> > Such as? Please share your knowledge. :-)
> - manually compiled postgresql (user:postgres) expects the user it runs
> as to have a valid shell (I'm not sure about the debian package)-
The Debian package used to have a number of bugs related to this. There was
quite a big of work done on improving the situation, I am not sure if it's
Postgresql is known to be a program with seriously buggy scripts etc. I've
filed several bug reports and sent in patches. It has improved a lot, I hope
that the Debian package no longer has such issues.
As for manual compilation, if you compile things manually then it's your
responsibility to do whatever is necessary to make it work. Often manual
compilation requires specifying locations of header files and libraries,
using special -D options for compilation, and sometimes requires patching the
source to deal with differences between the way other things work on a Debian
system to the system that the upstream author coded for.
People who choose to compile the program themself instead of using a .deb are
best advised to start with "apt-get source". If they choose to do otherwise
then it's their issue.
> backports and 3th party debs might contain scripts that use the 'su -c'
> as mentioned above.- home made script, or scripts copyed out of manuals/
> from webpages might expect valid shells.
Such scripts may expect special directories under /var, /opt, or /usr/local.
They may expect special file names under /etc, they may expect BSD or Solaris
names for device nodes. We can't do everything that is necessary to get such
things to work.
> I didn't research the impact yet, so there might be more/less problems.
Research it first, then compare notes with all the other people who have
already researched it.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page