On Tue, 2003-10-14 at 21:45, Mike Klein wrote: > I've been locking down different parts of my server, specifically > w/respect to certain services and the user they run under. > > I realize that it's best to run as a special user (i.e. nobody or > account based on service name). > > I've noticed that system accounts (based upon login.defs) are generally > a uid < 100, don't have passwords that expire, often have a home > directory mapping to software install/data directory, and often don't > have login capability. > > I guess the whole point of system accounts (i.e. id < 100) is that they > have these special properties right? Or is there something else. > > Apache for example (you can't su nobody as it has no shell) starts a > single process as root and then spawns all subsequent processes as a > specific user (generally nobody). > > I am trying to create specific accounts for jabber and some other > services. The problem I'm having is that I'll create a jabber account > with home directory being software install directory, give it a > shell...but when I su to this account from a root-run init.d script it > complains about no .bashrc. This is kind of understandable as I AM > running a bash shell. > > However...when I check the mysql user account that the RH9 rpms create, > it has a bash shell and home directory of /var/lib/mysql...yet when I > look in it's home directory there's no .bashrc. I can 'su mysql' and I > don't get the .bashrc complaint...why is this? I have fully checked the > /etc/passwd and other related files for differences in the mysql user > account but I can't find anything. > > Thanks in advance... Hmmm. How did you create the account? Does the error go away if you copy a valid .bashrc say from /etc/skel? What happens when you su - jabber (or whatever you called it) from a command line rather than an init script? When you su - mysql is that from an init.d script or form the command line? I don't have a non production RHL 9 machine to dink with or I would try it myself. Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
