On Wed, Oct 22, 2003 at 07:41:33PM +1000, Russell Coker wrote:
> On Wed, 22 Oct 2003 19:27, Dariush Pietrzak wrote:
> > > 'su -s /bin/bash -c "cmd" user '
> > >
> > > sounds like a very bs argument
> >
> > Do you understand the term 'breakage' ?
>
> Do you understand the term "testing"?

Why should I? The question was - what can go wrong. Well, the thing I mentioned can go wrong. It's not a "bs argument", and not even a "very bs argument", since I'm not arguing about anything, just pointing to a potential source of problems.

And before we can go on with testing, maybe we should think for a second about what could go wrong? If you ask the question 'What can go wrong', the answer 'ooh, probably nothing' has rather low informational value.

> Some of us have run fairly complete Linux machines for years with most of
> those accounts set to /bin/bash for their shell without any problems. I

/bin/bash? It's a typo, right?

> whinged at me all the time, and the other is that I have little need for such
> measures now that I'm running SE Linux on all important machines.

Good for you, I envy you, I ain't got enough time to set up and maintain SE Linux on my machines.

> Linux I think that there are some good benefits to be achieved by making the
> shells of those accounts be /bin/bash by default.

I'm using ash instead of bash for non-interactive stuff, it's easier on resources ;)

> without breakage I am quite confident that we can get these things right.

That's the point: 'we can get these things right'. Of course we can, and we should, but I don't think we can just flip the switch and forget about this. The best course of action would be to gather possible sources of problems first, then test the change, etc.

> We can start with "bin", "daemon", "sys", and "sync" which are the least
> likely accounts to need a login shell. After those changes have been tested
> to everyone's satisfaction we can then move on to others.

Now you're talking.

--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9