Mailinglist Archive: opensuse-bugs (14787 mails)
| < Previous | Next > |
[Bug 223159] New: chsh allows to change login shell even if the user has a restricted shell
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Wed, 22 Nov 2006 02:07:06 -0700 (MST)
- Message-id: <bug-223159-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=223159
Summary: chsh allows to change login shell even if the user has a
restricted shell
Product: SUSE Linux 10.1
Version: Final
Platform: Other
OS/Version: SuSE Linux 10.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: kukuk@xxxxxxxxxx
ReportedBy: lmuelle@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: kj@xxxxxxxxx
lmuelle@lisa:~> LC_ALL=POSIX chsh
Changing login shell for lmuelle.
Password:
Enter the new value, or press return for the default.
Login Shell [/usr/bin/rbash]: /bin/bash
Shell changed.
But the chsh man page states: An account with a restricted login shell may not
change their login shell.
Is there a different restricted login shell meant by the man page?
Do I have to edit /etc/shells on all systems where I'd like to lock the users
to rbash?
This might even be appraised as a security problem.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Summary: chsh allows to change login shell even if the user has a
restricted shell
Product: SUSE Linux 10.1
Version: Final
Platform: Other
OS/Version: SuSE Linux 10.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: kukuk@xxxxxxxxxx
ReportedBy: lmuelle@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: kj@xxxxxxxxx
lmuelle@lisa:~> LC_ALL=POSIX chsh
Changing login shell for lmuelle.
Password:
Enter the new value, or press return for the default.
Login Shell [/usr/bin/rbash]: /bin/bash
Shell changed.
But the chsh man page states: An account with a restricted login shell may not
change their login shell.
Is there a different restricted login shell meant by the man page?
Do I have to edit /etc/shells on all systems where I'd like to lock the users
to rbash?
This might even be appraised as a security problem.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
| < Previous | Next > |