Bug#411997: marked as done (login: rbash and su - username)

Sun, 12 Aug 2018 09:15:27 -0700 

Your message dated Sun, 12 Aug 2018 18:10:51 +0200
with message-id <[email protected]>
and subject line Re: Bug#411997: [Pkg-shadow-devel] Bug#411997: login: rbash 
and su - username
has caused the Debian Bug report #411997,
regarding login: rbash and su - username
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
411997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411997
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: login
Version: 1:4.0.18.1-6
Severity: normal

I have created a user with the shell /bin/rbash, when I log in to this
account rbash behaves as expected (can't change directory, can't run
commands starting with /), when I su to this account I again get the
expected rbash behaviour. However, when I do "su - username" the shell
no longer restricts the user in any way.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages login depends on:
ii  libc6                       2.3.6.ds1-11 GNU C Library: Shared
libraries
ii  libpam-modules              0.79-4       Pluggable Authentication
Modules f
ii  libpam-runtime              0.79-4       Runtime support for the PAM
librar
ii  libpam0g                    0.79-4       Pluggable Authentication
Modules l

login recommends no packages.

-- no debconf information

-- 
Michael Graham <[email protected]>

--- End Message ---
--- Begin Message --- 
Version: 2.32-0.4

* Andreas Henriksson <[email protected]> [180812 16:07]:
> Testing on a system with the recently switched to util-linux
> implementation of su, this seems to work for me.

Right, I think I failed to re-test this. Must have slipped out of my
mind.

# su - sutest
sutest@d:~$ echo $SHELL
/bin/rbash
sutest@d:~$ cd /
-rbash: cd: restricted
sutest@d:~$ logout
-rbash: /usr/bin/clear_console: restricted: cannot specify `/' in command names

Thanks,
Chris

--- End Message ---

Reply via email to