Bug#411997: [Pkg-shadow-devel] Bug#411997: login: rbash and su - username

Nicolas François nicolas.francois at centraliens.net
Sat Feb 24 18:22:33 CET 2007


bash's maintainer CC'ed in case he has a better idea.

On Thu, Feb 22, 2007 at 06:42:13PM +0000, oobermick at gmail.com wrote:
> Package: login
> Version: 1:
> Severity: normal
> I have created a user with the shell /bin/rbash, when I log in to this
> account rbash behaves as expected (can't change directory, can't run
> commands starting with /), when I su to this account I again get the
> expected rbash behaviour. However, when I do "su - username" the shell
> no longer restricts the user in any way.

When invoked with -, -l or --login, su executes the shell and change the
first argument (argv[0]) to "-su". But rbash is just a link to bash and
relies on the first argument in order to enabled the restricted mode.

I've no ideas whether we can change the behavior of su and stop changing
the first argument (IIRC, it's used by some script to check whether it is
run under su).

Matthias, would it be possible in bash to also rely on the $SHELL
environment variable?

Kind Regards,

More information about the Pkg-shadow-devel mailing list