Re: Changing a user's shell on CentOS Directory Server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Bill Campbell wrote:
> On Sun, May 31, 2009, Matt Harrington wrote:
>> Should unprivileged users be able to change their shell with lchsh on
>> 5.3 and, if it matters, CentOS Directory Server?  lchsh seems to
>> require more open permissions than those which come with a default
>> installation:
> 
> Personally I would not permit uses to change their shells, but
> require appropriate admin privileges.  I have seen systems hacks
> made via webmin or usermin where the user's shell was changed
> from /bin/false to /bin/bash, then the account used to install
> user-level bots that definately should not have been there.

Any tool that changes the shell should have a whitelist of shells the 
user account must currently be set to or it exits, and probably should 
validate the new shell is in that white list as well before it changes it.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux