How to run program as another user - and permanently dropping current user privileges?

Doran L. Barton fozz at iodynamics.com
Tue Mar 13 18:12:37 MDT 2007


Not long ago, Chris Carey proclaimed...
> On 3/13/07, Kenneth Burgener <kenneth at mail1.ttak.org> wrote:
> 
> >and all files created by 'myprogram' are created as the 'myuser'
> >program, which is what I wanted.  But I wonder if having the 'myuser'
> >with a default shell (and no password) would be a security hole, and
> >possibly allow someone to SSH to my box using this user account.  I
> >noticed all other daemon users have "/sbin/nologin" as their default
> >shell, and I assume they do this for a reason.
> >
> >Should I be concerned with this?
> 
> 
> You can specifically deny SSH logins to that account by editing
> /etc/ssh/sshd_config

See the DenyUsers directive in the sshd_config(5) man page. 

-=Fozz

-- 
fozz at iodynamics.com is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
 "Depositing the room key into another person is prohibited."
    -- Seen in a Japan hotel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070313/67a53f53/attachment.bin 


More information about the PLUG mailing list