Opened 2 years ago

Closed 5 days ago

#5554 closed defect (noaction)

documentation suggests su -s /bin/bash, but the default shell is selected without the -s option

Reported by: Andrew Owned by:
Priority: major Milestone:
Component: programming Keywords:
Cc: Parent Tickets:

Description

If the documentation is merely enforcing the selection of /bin/bash, then perhaps that is redundant, or it should be set in /etc/passwd. if the intention is to give the mediagoblin user no shell access by default, then the thing to do might be to set the shell to /bin/false.

however, the problem with that is that the user is brought back to their root shell, and they may continue with commands that should not be run as root.

Subtickets

Change History (3)

comment:1 Changed 6 days ago by Ben Sturmfels

Hi Andrew,

Another sorry for the delay, and thanks for taking the time to raise an issue.

I'm not clear on the issue here. As far as I can see, the command is saying "give me a full-featured bash shell to do some one-off setup work in rather than whatever the default is". In that regard it seems to work as I would expect and pops me into bash as the mediagoblin user, rather than sh, which is the default on the machine I tested on.

I'm assuming you're looking at the section "Deployment - Drop Privileges for MediaGoblin".

Could you clarify the issue please?

Regards,
Ben

comment:2 Changed 5 days ago by Andrew

Hi Ben, and thanks for the update. Yeah, I see that your use case makes a lot of sense. If /bin/sh is the default shell in /etc/passwd, then this command should help with that situation, without needing to change one's default shell.

Feel free to close this issue. : )

comment:3 Changed 5 days ago by Ben Sturmfels

Resolution: noaction
Status: newclosed

Closing with no action; thanks Andrew!

Note: See TracTickets for help on using tickets.