On 20 Nov 2002, Dwayne Rightler <[EMAIL PROTECTED]> wrote:
> Dunno... I always prefer a program to change user/drop privs itself...
> probably a personal preference thing. At work I tried to do a su -c first
> and RedHat gives nobody a shell of /bin/nologin by default so it didn't
> work. Could I change nobody's shell? Sure. I hacked this in for my own
> use really, just decided to send the patch to the list and see if anyone
> else wanted it. I would be interested in knowing if the method I used to
> drop privs isn't secure, however.

RedHat, SuSE, and Debian (at least) all have standard functions for
starting a daemon as a particular user. The user doesn't need to have a
shell. On RedHat, see /etc/init.d/functions. Most of them end up doing
something like

  root@toey ~# su - distcc -c '/bin/echo hello; id' -s /bin/sh
  hello
  uid=103(distcc) gid=65534(nogroup) groups=65534(nogroup)

-- 
Martin
