How to run program as another user - and permanently dropping current user privileges?
jonathan at bluesunhosting.com
Tue Mar 13 17:03:00 MDT 2007
On Tue, 13 Mar 2007, Kenneth Burgener wrote:
> I got around to trying this today, but when I run my program I get an
> error saying:
> [root@test ~]# su -l myuser -c "/usr/myapp/myprogram"
> "This account is currently not available."
> Originally I created this user in /etc/passwd as follows:
> When I changed the shell parameter to:
> I was able to run the program fine, and it showed up in the 'ps' list as running
> as myuser:
> # ps aux
> myuser 2470 0.0 0.0 5956 372 ? Ss 16:36 0:00 /usr/myapp/myprogram
> and all files created by 'myprogram' are created as the 'myuser'
> program, which is what I wanted. But I wonder if having the 'myuser'
> with a default shell (and no password) would be a security hole, and
> possibly allow someone to SSH to my box using this user account. I
> noticed all other daemon users have "/sbin/nologin" as their default
> shell, and I assume they do this for a reason.
> Should I be concerned with this?
Yes, be very concerned.
What was the IP of that machine again? ;)
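Added example, not part of the original thread: a small audit of passwd/shadow-format files that flags the situation asked about above, an account with a real login shell whose password field is empty. The account data is constructed, and modelling "no password" as an empty shadow field is an assumption; the function and file names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Sample account data below is constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "name shell password-state verdict" for every passwd entry.
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] {            # shadow format: field 2 is the hash
            if ($2 == "")          state[$1] = "empty"    # no password needed
            else if ($2 ~ /^[!*]/) state[$1] = "locked"   # password auth disabled
            else                   state[$1] = "set"
            next
        }
        {                                # passwd format: field 7 is the shell
            st = ($1 in state) ? state[$1] : "unknown"
            if ($7 ~ /(^|\/)(nologin|false)$/) verdict = "ok"
            else if (st == "empty")            verdict = "CRITICAL"
            else if (st == "locked")           verdict = "review"
            else                               verdict = "login"
            print $1, $7, st, verdict
        }
    ' "$2" "$1"
}

# write_samples DIR: constructed passwd/shadow files for the demo.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
myuser:x:501:501::/usr/myapp:/bin/bash
svc2:x:502:502::/var/empty:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:13585:0:99999:7:::
daemon:*:13585:0:99999:7:::
myuser::13585:0:99999:7:::
svc2:!!:13585:0:99999:7:::
EOF
}

# demo: run the audit over the constructed files and clean up afterwards.
demo() {
    d=$(mktemp -d) && write_samples "$d" && audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}
demo
```

A "review" verdict means password login is locked but the shell is still valid, so other login paths may remain. With the shell left at /sbin/nologin, root can still start the program as that user with `su -s /bin/sh myuser -c "/usr/myapp/myprogram"`.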