
Re: Why do system users have valid shells



Bernd Eckenfels said:
> Reading:
> In article <4128.146.122.45.164.1066846804.squirrel@www.iegrec.org> you
> wrote:
>> The /etc/passwd file does not control granting of priveledges[sic].
>
> and
>
>> It contains a map of UID <-> username <-> Primary GID
>
> is a contradiction on traditional unix, since the most powerful
> priveledge is coupled with uid 0.

"Priveledge" on traditional unix is based solely on the UID.  If you create
users:
root:x:0:0:root:/root:/bin/bash
kshroot:NOLOGIN:0:0:Root using pdksh as shell:/root:/bin/pdksh
cshroot:NOLOGIN:0:0:Root using csh as shell:/root:/bin/csh
ashroot:NOLOGIN:0:0:Root using ash as shell:/root:/bin/ash
sashroot:NOLOGIN:0:0:Root using sash as shell:/root:/bin/sash

There is no privilege difference between these users, only the default
program that gets started when you "su - ${SHELL}root".  There would be no
difference in privilege for user falseroot, either.

>
> And the priveledge "interactive login allowed" is coupled to the shell
> string field.

The privilege "interactive login allowed" does not exist.

/bin/login uses all the fields in /etc/passwd (and some in /etc/shadow) to
determine:
1) what password is acceptable "proof" of the user's identity
2) what userid to set for the new process that is started on the user's
behalf
3) in what directory to start the new process that is started on the user's
behalf
4) what process to start on the user's behalf.

That's it.

--Joe
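
Added example, not part of the original message: a short Python audit that parses passwd(5) lines, reports the four things the list above says login derives from an entry, and flags every name that maps to UID 0 regardless of its shell field. The falseroot and alice entries are constructed for illustration; the other five lines are the ones from the message.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name passwd uid gid gecos home shell")

# Constructed sample: the five UID 0 entries from the message, plus two
# made-up lines (a "falseroot" with /bin/false and an ordinary user).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
kshroot:NOLOGIN:0:0:Root using pdksh as shell:/root:/bin/pdksh
cshroot:NOLOGIN:0:0:Root using csh as shell:/root:/bin/csh
ashroot:NOLOGIN:0:0:Root using ash as shell:/root:/bin/ash
sashroot:NOLOGIN:0:0:Root using sash as shell:/root:/bin/sash
falseroot:NOLOGIN:0:0:Root with no usable shell:/root:/bin/false
alice:x:1000:1000:Alice:/home/alice:
"""

def parse_passwd(text):
    """Parse passwd(5) text; skip blank lines, reject malformed ones."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {n}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(Entry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def login_plan(e):
    """The four items login takes from an entry, as listed in the message."""
    return {
        "password_from": "/etc/shadow" if e.passwd == "x" else "passwd field",
        "uid": e.uid,
        "start_dir": e.home,
        "program": e.shell or "/bin/sh",  # passwd(5): empty shell means /bin/sh
    }

def uid0_names(entries):
    """Every name mapping to UID 0 is root, whatever its shell field says."""
    return [e.name for e in entries if e.uid == 0]

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE)
    for e in entries:
        print(e.name, login_plan(e))
    extra = [n for n in uid0_names(entries) if n != "root"]
    print("additional UID 0 accounts:", ", ".join(extra) or "none")
```

To audit a real system, pass the contents of /etc/passwd to parse_passwd() in place of SAMPLE.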



