Bug#1021613: systemd: generates too much log for ssh connection
Vincent Lefevre
vincent at vinc17.net
Wed Oct 12 14:57:51 BST 2022
On 2022-10-12 14:43:06 +0200, Michael Biebl wrote:
> Apparently you can still use su, sudo etc with --disabled-login. So I wonder
> if there is a real difference in practice to --disabled-password.
In some way, I would regard the command-via-ssh feature to behave
a bit like sudo: this is not a login, one just wants to run a
command (sudo is used to run it as another user, ssh is used to
run it remotely).
> In any case, apparently a "login" under that user has happened (via SSH I
> assume). Otherwise pam_systemd.so and `systemd --user` wouldn't have been
> triggered.
While I wanted to report a bug against adduser to ask for a
clarification, I saw:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625758
'adduser --disabled-login' does not behave as documented.
reported 11 years ago and still open!
Last comment a few months ago
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625758#72
with in particular:
- change and document (adduser(8)) that --disabled-password will behave
like --disabled-login and additionally set the shell to
/usr/sbin/nologin.
- --disabled-login and an explicitly set --shell is an error and will be
flagged as such.
Using both --disabled-login and --shell was exactly what I did
(setting a shell was necessary to be able to run the command,
even though how the command is run is not mentioned in the sshd
man page).
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Pkg-systemd-maintainers
mailing list