View previous topic :: View next topic |
Author |
Message |
Odin_SE n00b
Joined: 27 Oct 2006 Posts: 14
|
Posted: Fri Dec 14, 2007 2:01 pm Post subject: su -m fails if user has shell set to /bin/false |
|
|
Hi,
I'm working with unattended backup using rdiff-backup and part of the instructions are to set up a user account, say backup, with no password and shell set as /bin/false.
A little later in then instructions you su -m backup. This does not give any errors but I am not su'd to backup.
If I then change passwd such that backup's shell is /bin/bash, it all works fine.
Can anyone explain why this is happening?
My only idea is that it's because I'm running hardened (2.6.20-hardened-r10).
The rdiff-backup instructions that I'm following are here:
http://arctic.org/~dean/rdiff-backup/unattended.html
It's at 2. that the su instructions start.
Any help appreciated.
//Odin |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9696 Location: almost Mile High in the USA
|
Posted: Fri Dec 14, 2007 11:58 pm Post subject: |
|
|
I think it's because it's probably executing /bin/false and returning to root real quick.
Try Code: | su -s /bin/bash -m backup | to temporarily use /bin/bash as the shell. _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
Odin_SE n00b
Joined: 27 Oct 2006 Posts: 14
|
Posted: Sat Dec 15, 2007 12:34 pm Post subject: |
|
|
That worked nicely.
I just wonder why it was failing though...
From the su docs:
-m
Do not change the environment variables `HOME', `USER', `LOGNAME',
or `SHELL'. Run the shell given in the environment variable
`SHELL' instead of the shell from USER's passwd entry, unless the
user running `su' is not the superuser and USER's shell is
restricted. A "restricted shell" is one that is not listed in the
file `/etc/shells', or in a compiled-in list if that file does not
exist. Parts of what this option does can be overridden by
`--login' and `--shell'.
When I do echo $shell, it says /bin/bash and I'm changing from superuser so it should have worked. No matter, this fixes the problem |
|
Back to top |
|
|
|