cvs commit: LFS/BOOK/chapter06 pwdgroup.xml

Bill's LFS Login lfsbill at wlmcs.com
Mon Sep 1 15:56:49 PDT 2003


On Mon, 1 Sep 2003, Don Smith wrote:

> Bill's LFS Login wrote:
> > On Mon, 1 Sep 2003, Andrew Fyfe wrote:
> >
> >>If the shell is set to /bin/false that would defeat the point in adding
> >>it in our case wouldn't it? Doesn't coreutils e2perm test su to the
> >>non-privileged user?
> >
> > No. /bin/false doesn't stop one from su'ing to nobody. It prevents
> > 'su -' and such from finding a valid shell and returns a "false". But,
> > as roo, so a 'su nobody' and you will see all is well - euid and egid
> > are properly set when 'id' is run.
>
> This is what I get on an LFS 4.0 system:
>
> root:/var/log# id
> uid=0(root) gid=0(root) groups=0(root)
> root:/var/log# su nobody
> root:/var/log# id
> uid=0(root) gid=0(root) groups=0(root)
> root:/var/log# exit
> logout
>
> bash-2.05a$ grep nobody /etc/passwd
> nobody:x:99:99:Nobody:/:/bin/false
> bash-2.05a$ grep 99 /etc/group
> nobody::99:
> bash-2.05a$

Hmmm. On a "20030219 Pure LFS Built 20030504", with a fairly complete
BLFS and some minoe package upgrades (I think - can't remember for sure
now), I get

wlmlfs04:root:/home/lfsbill/BILLS/Executables# su nobody
wlmlfs04:nobody:~/lfsbill/BILLS/Executables# id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)

I've shadow installed and passwd and group are

/etc/passwd:nobody:x:65534:65534:nobody:/home:/bin/bash
/etc/group:nobody:x:65534:

Anybody got a clue?

-- 
Bill Maltby
lfsbill at wlmcs.com



More information about the lfs-dev mailing list