[TUHS] "Webster's Second on the Head of a Pin"?
Rik Farrow
rik at rikfarrow.com
Fri Jan 3 04:13:22 AEST 2025
On Thu, Jan 2, 2025 at 7:23 AM Chet Ramey <chet.ramey at case.edu> wrote:
> On 1/1/25 1:11 PM, Rik Farrow wrote:
> > For example, the 3B2 I
> > administered for a while in the late 80s had multiple accounts with rsh,
> > the restricted shell, as the login shell. That was okay, unless you used
> su
> > and then had access to a root shell.
>
> That's an administrator problem. Part of setting up a restricted shell
> environment is creating a directory of necessary binaries and setting
> PATH appropriately.
>
> Each of these special accounts did have a home directory with a .profile
to set up the restricted environment, then run a shell script to perform
some task as root. For example, logging in as 'backup' would run
/user/backup/.profile and allow a non-privileged user to run a backup
script as root.
But typing "su backup" produced a root-owner shell without restrictions.
You need to type "su - " to run the account's .profile script.
Rik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20250102/3a6c3f7e/attachment-0001.htm>
More information about the TUHS
mailing list