From od@iclub.nsu.ru  Mon Oct 29 02:04:31 2001
Return-Path: <od@iclub.nsu.ru>
Received: from mail.nsu.ru (b.ns.ssc.nsu.ru [193.124.215.221])
	by hub.freebsd.org (Postfix) with ESMTP id 0932437B405
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 29 Oct 2001 02:04:29 -0800 (PST)
Received: from iclub.nsu.ru ([193.124.222.66] ident=root)
	by mail.nsu.ru with esmtp (Exim 3.20 #1)
	id 15y9H2-0000Sq-00
	for FreeBSD-gnats-submit@freebsd.org; Mon, 29 Oct 2001 16:04:04 +0600
Received: (from od@localhost)
	by iclub.nsu.ru (8.11.6/8.11.6) id f9TA45E75021;
	Mon, 29 Oct 2001 16:04:05 +0600 (NS)
	(envelope-from od)
Message-Id: <200110291004.f9TA45E75021@iclub.nsu.ru>
Date: Mon, 29 Oct 2001 16:04:05 +0600 (NS)
From: oleg dashevskii <od@iclub.nsu.ru>
Reply-To: oleg dashevskii <od@iclub.nsu.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: "su nobody -c command" refuses to work
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         31582
>Category:       i386
>Synopsis:       "su nobody -c command" refuses to work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 29 02:10:00 PST 2001
>Closed-Date:    Mon Oct 29 03:32:58 PST 2001
>Last-Modified:  Mon Oct 29 03:33:56 PST 2001
>Originator:     oleg dashevskii
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
NSU
>Environment:
System: FreeBSD iclub.nsu.ru 4.4-STABLE FreeBSD 4.4-STABLE #6: Thu Oct 4 22:35:22 NSS 2001 root@iclub.nsu.ru:/usr/obj/usr/src/sys/iclub i386

>Description:
	su refuses to work for users who have /sbin/nologin as the shell.
	e.g., su man -c catman as specified in `man su` outputs
	"This account is currently not available"
	I've run into this problem trying to issue a command with nobody UID.

>How-To-Repeat:
	su man -c catman
>Fix:
	???
>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@ringlet.net>
To: oleg dashevskii <od@iclub.nsu.ru>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: i386/31582: "su nobody -c command" refuses to work
Date: Mon, 29 Oct 2001 14:27:17 +0200

 On Mon, Oct 29, 2001 at 04:04:05PM +0600, oleg dashevskii wrote:
 > 
 > >Number:         31582
 > >Category:       i386
 > >Synopsis:       "su nobody -c command" refuses to work
 > >Originator:     oleg dashevskii
 > >Release:        FreeBSD 4.4-STABLE i386
 > >Organization:
 > NSU
 > >Environment:
 > System: FreeBSD iclub.nsu.ru 4.4-STABLE FreeBSD 4.4-STABLE #6: Thu Oct 4 22:35:22 NSS 2001 root@iclub.nsu.ru:/usr/obj/usr/src/sys/iclub i386
 > 
 > >Description:
 > 	su refuses to work for users who have /sbin/nologin as the shell.
 > 	e.g., su man -c catman as specified in `man su` outputs
 > 	"This account is currently not available"
 > 	I've run into this problem trying to issue a command with nobody UID.
 > 
 > >How-To-Repeat:
 > 	su man -c catman
 > >Fix:
 > 	???
 
 Okay, this is currently not documented clearly in the su(1) manual page.
 The option -m, as used by the startup and periodic scripts, is what you
 need - if you specify -m, su(1) does not try to invoke the user's shell,
 but executes your own (root's) login shell.  One look at the periodic
 scripts would have shown you the syntax used there:
 
 [root@straylight:p0 /etc]# fgrep -w su rc* periodic/*/*
 rc.network:		su -m ${ppp_user} -c "exec ${ppp_command}"
 periodic/daily/340.uucp:	    echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
 periodic/weekly/300.uucp:	    echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
 periodic/weekly/310.locate:	echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
 periodic/weekly/330.catman:			su -fm man || rc=3
 periodic/weekly/330.catman:				"$MANPATH" | su -fm man || rc=3
 [root@straylight:p0 /etc]#
 
 And a demonstration:
 
 [root@straylight:v0 /etc]# su nobody -c id
 This account is currently not available.
 [root@straylight:v0 /etc]# su -m nobody -c id
 uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
 [root@straylight:v0 /etc]#
 
 Hope that helps.
 
 G'luck,
 Peter
 
 -- 
 "yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Mon Oct 29 03:32:58 PST 2001 
State-Changed-Why:  
Do you think this PR should be left open to deal with possible 
manual page clarifications, or are you satisfied with the explanation? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31582 
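
Added example, not part of the PR or of FreeBSD: a small sh/awk audit that applies the explanation in the reply above, flagging su invocations that target an account whose passwd shell is nologin without passing -m. The name audit_su, the sample passwd entries and job.sh are constructed, and the parser assumes only the option forms shown in the thread (-m, -fm) placed before the login name.

```shell
#!/bin/sh
# Added example (not from the PR): flag su calls that target a nologin account
# without -m; su would then run the account's shell, nologin, and refuse.

# audit_su PASSWD SCRIPT...   prints "file:line: login" per risky call
audit_su() {
    passwd=$1; shift
    awk -v pw="$passwd" '
    BEGIN {
        # passwd(5): field 1 is the login name, field 7 the login shell.
        while ((getline l < pw) > 0) {
            n = split(l, f, ":")
            if (n >= 7 && f[7] ~ /\/nologin$/) nologin[f[1]] = 1
        }
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "su") continue
            has_m = 0
            # Assumption: option clusters (-m, -fm) come before the login.
            for (j = i + 1; j <= NF && $j ~ /^-/; j++)
                if ($j ~ /m/) has_m = 1
            if (j <= NF && ($j in nologin) && !has_m)
                printf "%s:%d: %s\n", FILENAME, FNR, $j
        }
    }' "$@"
}

# Constructed sample input: three passwd entries and a four-line script.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
EOF
    cat > "$d/job.sh" <<'EOF'
su nobody -c id
su -m nobody -c id
echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
su man -c catman
EOF
    (cd "$d" && audit_su passwd job.sh)
    rm -rf "$d"
}

demo
```

On a real system the same function takes /etc/passwd and the scripts to check as arguments.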
>Unformatted:
