user nobody and test suites

Bruce Dubbs bruce.dubbs at gmail.com
Sun Mar 25 18:56:48 PDT 2007


Dan Nicholson wrote:
> On 3/25/07, Robert Connolly <robert at linuxfromscratch.org> wrote:
>> I dunno if any of you have tried it, but we can use nobody for the Coreutils
>> tests. Add "nogroup" and "nobody" to /etc/group, and "nobody" in /etc/passwd
>> in the "nobody" group. For the src/su command, add '-s /bin/sh' so
>> that /bin/false won't be used.
> 
> That seems fine to me.

I don't agree.  The nobody user should never have a valid login shell or
home directory.  If a temporary user is needed for the Coreutils tests,
add a temp user and then as the INSTALL file says, `sudo env
NON_ROOT_USERNAME=$USER make -k check`.  Delete the temp user when done.

I know we don't build sudo in LFS, but perhaps an equivalent su command
could be used.

>> I'd also like to suggest we use /sbin/nologin (from Shadow), instead
>> of /bin/false. 'nologin' is the same as 'false', except it gives a polite
>> message explaining the account is suspended. It's intended for login
>> accounts, while /bin/false is intended for everything else.
> 
> Also seems fine to me, but I have no idea what the
> history/implications of that change would be.

Using /sbin/nologin to give a "polite" message for accounts that should
*never* be tried is overkill.  To me, it's not an accident and users
trying that don't need or deserve courtesy.  I prefer /bin/false.

That said, it doesn't make a practical difference.

  -- Bruce
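
The position taken in the reply above (no valid login shell or home directory for nobody, and a temporary test user that is deleted afterwards) can be checked against a passwd file. This is an added example, not part of the original message; the function names, the sample entries and the temporary account name `tester` are assumptions.

```shell
#!/bin/sh
# Added example: audit one account in a passwd-format file.
# Returns 0 if the account is absent or has a non-login shell and no
# existing home directory; returns 1 and prints the findings otherwise.
audit_account() {
    passwd_file=$1
    account=$2
    status=0
    while IFS=: read -r name _pw _uid _gid _gecos home shell; do
        [ "$name" = "$account" ] || continue
        case $shell in
            /bin/false|/sbin/nologin) ;;
            # An empty shell field is treated as a finding as well.
            *) echo "$name: login shell '$shell'"; status=1 ;;
        esac
        if [ -d "$home" ]; then
            echo "$name: home directory '$home' exists"
            status=1
        fi
    done < "$passwd_file"
    return $status
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Unprivileged User:/dev/null:/bin/false
tester:x:1001:1001:temp test user:/tmp:/bin/sh
EOF
}

# Demo: nobody passes, the leftover temporary test user is reported.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_account "$tmp" nobody && echo "nobody: ok"
audit_account "$tmp" tester || echo "tester: remove this account after the tests"
rm -f "$tmp"
```

On a real system, pass `/etc/passwd` as the first argument.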


