How to run program as another user - and permanently dropping
current user privileges?
Doran L. Barton
fozz at iodynamics.com
Tue Mar 13 18:12:37 MDT 2007
Not long ago, Chris Carey proclaimed...
> On 3/13/07, Kenneth Burgener <kenneth at mail1.ttak.org> wrote:
>
> >and all files created by 'myprogram' are created as the 'myuser'
> >program, which is what I wanted. But I wonder if having the 'myuser'
> >with a default shell (and no password) would be a security hole, and
> >possibly allow someone to SSH to my box using this user account. I
> >noticed all other daemon users have "/sbin/nologin" as their default
> >shell, and I assume they do this for a reason.
> >
> >Should I be concerned with this?
>
>
> You can specifically deny SSH logins to that account by editing
> /etc/ssh/sshd_config
See the DenyUsers directive in the sshd_config(5) man page.
-=Fozz
--
fozz at iodynamics.com is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
"Depositing the room key into another person is prohibited."
-- Seen in a Japan hotel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070313/67a53f53/attachment.pgp
More information about the PLUG
mailing list