No, this is not a good enough answer. Nobody is *not supposed* to have a
shell and it worked just fine before CFMX. This is a security issue and I
feel it should be investigated more fully before being written off in a pat
manner. I'm quite familiar with the script and how it works. I think this
has more to do with how it is doing the suid function.

Cathy Taylor

----- Original Message -----
From: "Jesse Noller" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, October 10, 2002 11:58 AM
Subject: RE: 2nd question - Run MX as nobody?


> Look in the coldfusion start script.
>
> The start script runs su -$user -c "command"
>
> On Linux, su gives you the option of defining a run-time shell. Solaris
> does not, therefore, the Solaris user you run CFMX as needs a valid shell.
>
> Jesse Noller
> [EMAIL PROTECTED]
> Macromedia Server Development
>
> "No concept man forms is valid unless he
> integrates it without contradiction into the
> sum of his knowledge."
> - Ayn Rand
>
> > -----Original Message-----
> > From: Thomas Chiverton [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, October 10, 2002 11:50 AM
> > To: CF-Talk
> > Subject: RE: 2nd question - Run MX as nobody?
> >
> > > You don't need to login as the cfuser, however, the CFuser needs
> > > a valid shell
> >
> > It does ? What for ?
> >
> > > as well as typical privs associated with it.
> >
> > I guess it depends what you mean by typical :-)
> > I wouldn't want my CFMX user to have read access to everything below
> > /home (some UNIXs set permissions by default that allow this) for
> > instance.
> >
> > Tom Chiverton
> > You don't have to be a mad scientist to believe in ColdFusion
> >
> >
> >
> >
> >
> 