Hi,

Thanks for pointing out that part of the man page.  I played around with it
some more, and found out that even if /etc/login.conf has filesize-max, the
user can override that setting with his .login_conf.

What I'm essentially discovering is that the user is not restricted to the
"me" keyword in the .login_conf.  If he knows his user class, or knows that
the system includes the 'default' keyword for his class settings, he can
always override the system's settings by using the 'default:' record in his
.login_conf.

A little dramatized example: twchan's shell is set to /sbin/nologin, but he
previously had already set the following in his .login_conf:

        #me:\
        #       :charset=iso-8859-1:\
        #       :lang=de_DE.ISO_8859-1:

        default:\
                :shell=/bin/tcsh:\
                :ignorenologin=1:

The /sbin/nologin is defeated in this case.

Searching through the source, I find the root of the "problem":
login_getclassbyname() in /usr/src/lib/libutil will always pick up
~/.login_conf before /etc/login.conf, for all class capability queries, and
is not restricted to the "me" class.  Thus if a user has a .login_conf with
all the correct class records, e.g. 'default', then he effectively is in
control of the login class capabilities.


Regards

  -T.W.Chan-


On Mon, 14 May 2001, Daniel Frazier wrote:

> Date: Mon, 14 May 2001 10:07:13 -0400
> From: Daniel Frazier <[EMAIL PROTECTED]>
> To: Chan Tur Wei <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: .login_conf can overwrite values from /etc/login.conf
>
> Chan Tur Wei wrote:
> >
> > Hi,
> >
> > Not sure if this has been brought up before, but .login_conf can apparently
> > overwrite values in the system's /etc/login.conf.
> >
> <snip>
> >
> > Is this really the intended effect?  It feels like a big bug to me...
> >
>
> from man login.conf...
>
>   The current (soft) limit is the one normally used, although the user
>   is permitted to increase the current limit to the maximum (hard) limit.
>   The maximum and current limits may be specified individually by
>   appending a -max or -cur to the capability name.
>
> so unless you have filesize-max defined in /etc/login.conf the user
> will be able to increase it in their ~/.login.conf.  Not sure if
> there's an *implied* someresource-max if someresource(-cur implied)
> is defined.
>
> --
> ----------------------------------------------------------------------
> Daniel Frazier  <[EMAIL PROTECTED]>   Tel:  302-239-5900 Ext. 231
> Systems Administrator                    Fax:  302-239-3909
> MAGPAGE, We Power the Internet           WWW:  http://www.magpage.com/
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
>         - Benjamin Franklin, Historical Review of Pennsylvania, 1759.
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message
>
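
An added example, not part of the original message and not FreeBSD code: a Python audit check for the behaviour described above, which flags any record in a user's ~/.login_conf whose id is not the per-user "me" (for instance a 'default' record carrying shell or ignorenologin). The names parse_records and audit are hypothetical, the parser handles only a simplified subset of the login.conf record syntax (comments, backslash continuations, name=value fields), and SAMPLE is constructed from the .login_conf quoted in the message.

```python
import sys

# Constructed sample: the ~/.login_conf quoted in the message above.
SAMPLE = r"""
#me:\
#       :charset=iso-8859-1:\
#       :lang=de_DE.ISO_8859-1:

default:\
        :shell=/bin/tcsh:\
        :ignorenologin=1:
"""

def parse_records(text):
    """Return [(names, {cap: value})] from login.conf-style text (simplified syntax)."""
    logical, buf = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if buf is None and (not line or line.startswith("#")):
            continue                      # blank or comment line outside a record
        buf = (buf or "") + line
        if buf.endswith("\\"):
            buf = buf[:-1]                # continuation: join with the next line
            continue
        logical.append(buf)
        buf = None
    if buf:
        logical.append(buf)               # file ended on a continuation line
    records = []
    for entry in logical:
        head, *fields = entry.split(":")
        caps = {}
        for field in (f.strip() for f in fields):
            if field:
                name, _, value = field.partition("=")
                caps[name] = value
        records.append((head.split("|"), caps))   # a record may list aliases with '|'
    return records

def audit(text, allowed=("me",)):
    """Flag every record whose ids are not limited to the per-user 'me' id."""
    return [(names, caps) for names, caps in parse_records(text)
            if any(n not in allowed for n in names)]

if __name__ == "__main__":                # no arguments: audit the constructed sample
    texts = [(p, open(p, errors="replace").read()) for p in sys.argv[1:]] or [("SAMPLE", SAMPLE)]
    for path, text in texts:
        for names, caps in audit(text):
            print(f"{path}: record {'|'.join(names)} sets {sorted(caps)}")
```

Run it with the paths of the .login_conf files to check as arguments; each output line names a record that would shadow a class from /etc/login.conf.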

