user nobody and test suites
bruce.dubbs at gmail.com
Sun Mar 25 18:56:48 PDT 2007
Dan Nicholson wrote:
> On 3/25/07, Robert Connolly <robert at linuxfromscratch.org> wrote:
>> I dunno if any of you have tried it, but we can use nobody for the Coreutils
>> tests. Add "nogroup" and "nobody" to /etc/group, and "nobody" in /etc/passwd
>> in the "nobody" group. For the src/su command, add '-s /bin/sh' so
>> that /bin/false won't be used.
> That seems fine to me.
I don't agree. The nobody user should never have a valid login shell or
home directory. If a temporary user is needed for the Coreutils tests,
add a temp user and then as the INSTALL file says, `sudo env
NON_ROOT_USERNAME=$USER make -k check`. Delete the temp user when done.
I know we don't build sudo in LFS, but perhaps an equivalent su command
could be used.
>> I'd also like to suggest we use /sbin/nologin (from Shadow), instead
>> of /bin/false. 'nologin' is the same as 'false', except it gives a polite
>> message explaining the account is suspended. It's intended for login
>> accounts, while /bin/false is intended for everything else.
> Also seems fine to me, but I have no idea what the
> history/implications of that change would be.
Using /sbin/nologin to give a "polite" message for accounts that should
*never* be tried is overkill. To me, its not an accident and users
trying that don't need or deserve courtesy. I prefer /bin/false.
That said, it doesn't make a practical difference.
More information about the lfs-dev