phs@lifia.UUCP (Philippe Schnoebelen) (08/06/87)
When you call vipw in order to modify the passwd file under UNIX BSD4.3, it performs several so-called "sanity checks", e.g. that you have su'ed, that no one else is currently modifying it, ... but more surprisingly it also verifies that your shell is bin/csh or /bin/sh, which forbids you to use another shell when su'ed.

Is there a good reason for this? Is there any way around this other than patching the source and recompiling? Is there any danger in doing so?

Thanks in advance,
--
Philippe SCHNOEBELEN, LIFIA - INPG, UUCP : phs@lifia.imag.fr
46, Avenue Felix VIALLET
38000 Grenoble, FRANCE
"Algebraic symbols are used when you do not know what you are talking about."
guy%gorodish@Sun.COM (Guy Harris) (08/10/87)
> When you call vipw ... it also verifies that your shell is bin/csh or
> /bin/sh, which forbids you to use another shell when su'ed.
>
> Is there a good reason for this ?

Some have argued that there is a good reason for providing *some* form of checking on the login shell. The 4.2BSD version of "chsh" only allowed a user to change their login shell to "/bin/sh" or "/bin/csh", although the super-user could change it arbitrarily. The claim was that this prevented somebody from walking up to your terminal while you were on the toilet and changing your login shell to something funny, or something like that.

4.3BSD does it a bit better; if the file "/etc/shells" exists, you can change your login shell to anything listed in that file.

"vipw" really should use "/etc/shells" to validate the shell, rather than having "/bin/sh" and "/bin/csh" hardcoded into it. It looks like Arnold Robbins posted a fix at some point to make it do exactly that. Basically, it should use "getusershell" to scan the list of valid shells; this routine handles defaulting to "/bin/sh" and "/bin/csh" if there is no "/etc/shells" file.

Guy Harris
{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
guy@sun.com
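The /etc/shells check described in the post above, as an added example that is not part of the thread or of the BSD source: it re-implements the list lookup on in-memory text instead of calling getusershell, and it goes beyond the single root line by checking every uid-0 entry. The function names and the sample passwd and shells data are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data (hypothetical accounts, not from a real system). */
static const char SAMPLE_SHELLS[] = "# constructed\n/bin/sh\n/bin/csh\n/bin/ksh\n";
static const char SAMPLE_PASSWD[] =
    "root:*:0:0:Root:/:/bin/ksh\n"
    "croot:*:0:0:Alt root:/:/bin/funny-sh\n"
    "guest:*:101:10:Guest:/usr/guest:/bin/funny-sh\n";

/* 1 if the n-byte `shell` is a whole entry in `list` (/etc/shells format, '#'
 * comments). NULL list = missing file: the /bin/sh, /bin/csh defaults apply. */
int shell_listed(const char *list, const char *shell, size_t n)
{
    if (list == NULL)
        list = "/bin/sh\n/bin/csh\n";
    while (*list) {
        size_t path = strcspn(list, "# \t\n");   /* entry ends at space or comment */
        if (*list == '/' && path == n && memcmp(list, shell, n) == 0)
            return 1;
        list += strcspn(list, "\n");
        list += (*list == '\n');
    }
    return 0;
}

/* Number of uid-0 entries in passwd-format text whose shell is neither empty
 * nor listed; -1 if a non-blank line does not have seven fields. */
int bad_root_shells(const char *passwd, const char *shells)
{
    int bad = 0;
    while (*passwd) {
        const char *end = passwd + strcspn(passwd, "\n"), *uid = NULL, *sh = NULL;
        int colons = 0;
        char *stop;
        for (const char *p = passwd; p < end; p++)
            if (*p == ':' && ++colons == 2) uid = p + 1;
            else if (*p == ':' && colons == 6) sh = p + 1;
        if (end != passwd && colons != 6)
            return -1;
        if (end != passwd && strtol(uid, &stop, 10) == 0 && stop != uid &&
            *stop == ':' && sh != end && !shell_listed(shells, sh, (size_t)(end - sh)))
            bad++;
        passwd = end + (*end == '\n');
    }
    return bad;
}

int main(void) { printf("%d\n", bad_root_shells(SAMPLE_PASSWD, SAMPLE_SHELLS)); return 0; }
```

An editor wrapper in the style of vipw would refuse to install the edited file when the result is non-zero.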
ron@topaz.rutgers.edu (Ron Natalie) (08/10/87)
No, what it does is it prevents you from setting the ROOT default log in shell to something other than /bin/sh or /bin/csh. You should avoid doing that anyway. It's usually best to use a working shell for root (like a System V Bourne shell) rather than any of the buggy shells that come with Berkeley UNIX.

If you want alternate "su" shells, you can do the entries of the form

    croot:XCJlkJER38:0:0:Charlie &:/:/bin/csh

and alias "su" to "su croot" in your own shell. Or bypass it entirely and alias su to

    su -c exec "/bin/funny-sh"

-Ron
ado@elsie.UUCP (Arthur David Olson) (08/11/87)
In article <13848@topaz.rutgers.edu>, ron@topaz.rutgers.edu (Ron Natalie) notes:
> . . .it prevents you from setting the ROOT default log in shell to
> something other than /bin/sh or /bin/csh. You should
> avoid doing that anyway. It's usually best to use a working shell
> for root (like a System V Bourne shell) rather than any of the buggy
> shells that come with Berkeley UNIX.

We tried to follow your advice here at Elsie, Ron. . .but vipw wouldn't accept "/bin/ksh" after we'd obtained it from those wonderful folks who brought you System V. The change that's been applied to "vipw.c" here:

*** 3.1/vipw.c Mon Aug 10 21:06:57 1987 --- 3.2/vipw.c Mon Aug 10 21:06:58 1987 *************** *** 129,138 **** --- 136,152 ---- if (strncmp(++cp, "/:", 2)) break; cp += 2; + #ifdef ASWAS if (*cp && strcmp(cp, "/bin/sh") && strcmp(cp, "/bin/csh")) break; ok++; + #else /* !ASWAS */ + if (*cp == '\0' || + (*cp == '/' && access(cp, X_OK) == 0)) + ++ok; + break; + #endif /* !ASWAS */ } fclose(ft); if (ok) {

--
UUCP: elsie!ado
Elsie and Ado are trademarks of Borden, Inc. and Ampex.
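Review bot: in the !ASWAS branch, the test "access(cp, X_OK) == 0" is weaker than it looks. X_OK on a directory means search permission, so a root entry whose shell field names "/" or any other directory passes, and because vipw is run by the super-user, access() may report success for a file that has no execute bits set at all. Suggest replacing it with stat() plus a check for a regular file with an execute bit, or validating cp against the entries returned by getusershell() as proposed earlier in the thread, which keeps the "/bin/sh" and "/bin/csh" defaults when "/etc/shells" is absent and still admits "/bin/ksh" once it is listed there.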
xsimon@its63b.ed.ac.uk (Simon Brown) (08/11/87)
In article <2647@lifia.UUCP> phs@lifia.UUCP (Philippe Schnoebelen) writes:
>When you call vipw in order to modify the passwd file under UNIX BSD4.3, it
>performs several so called "sanity checks", e.g. that you have su'ed, that
>no one else is currently modifying it, ... but more surprisingly it also
>verifies that your shell is bin/csh or /bin/sh, which forbids you to use
>another shell when su'ed.
>
>Is there any way around this other than patching the source and recompiling?

Yeah - fire up an "adb -w", and change that "c" in csh to something more useful - like a "k", perhaps?

--
----------------------------------
| Simon Brown                    | UUCP:  seismo!mcvax!ukc!its63b!simon
| Department of Computer Science | JANET: simon@uk.ac.ed.its63b
| University of Edinburgh,       | ARPA:  simon%its63b.ed.ac.uk@cs.ucl.ac.uk
| Scotland, UK.                  |
----------------------------------
"Life's like that, you know"