Bug 31582

Summary: "su nobody -c command" refuses to work
Product: Base System
Reporter: od <od>
Component: i386
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 4.4-STABLE
Hardware: Any
OS: Any

Description od 2001-10-29 10:10:00 UTC
	su refuses to work for users which have /sbin/nologin as the shell.
	e.g., su man -c catman as specified in `man su` outputs
	"This account is currently not available"
	I've run into this problem trying to issue a command with nobody UID.

Fix: ???

How-To-Repeat: su man -c catman

Comment 1 Peter Pentchev freebsd_committer freebsd_triage 2001-10-29 11:32:58 UTC
State Changed
From-To: open->closed

Do you think this PR should be left open to deal with possible 
manual page clarifications, or are you satisfied with the explanation?
Comment 2 Peter Pentchev 2001-10-29 12:27:17 UTC
On Mon, Oct 29, 2001 at 04:04:05PM +0600, oleg dashevskii wrote:
> 
> >Number:         31582
> >Category:       i386
> >Synopsis:       "su nobody -c command" refuses to work
> >Originator:     oleg dashevskii
> >Release:        FreeBSD 4.4-STABLE i386
> >Organization:
> NSU
> >Environment:
> System: FreeBSD iclub.nsu.ru 4.4-STABLE FreeBSD 4.4-STABLE #6: Thu Oct 4 22:35:22 NSS 2001 root@iclub.nsu.ru:/usr/obj/usr/src/sys/iclub i386
> 
> >Description:
> 	su refuses to work for users which have /sbin/nologin as the shell.
> 	e.g., su man -c catman as specified in `man su` outputs
> 	"This account is currently not available"
> 	I've run into this problem trying to issue a command with nobody UID.
> 
> >How-To-Repeat:
> 	su man -c catman
> >Fix:
> 	???

Okay, this is currently not documented clearly in the su(1) manual page.
The option -m, as used by the startup and periodic scripts, is what you
need - if you specify -m, su(1) does not try to invoke the user's shell,
but executes your own (root's) login shell.  One look at the periodic
scripts would have shown you the syntax used there:

[root@straylight:p0 /etc]# fgrep -w su rc* periodic/*/*
rc.network:		su -m ${ppp_user} -c "exec ${ppp_command}"
periodic/daily/340.uucp:	    echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
periodic/weekly/300.uucp:	    echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
periodic/weekly/310.locate:	echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
periodic/weekly/330.catman:			su -fm man || rc=3
periodic/weekly/330.catman:				"$MANPATH" | su -fm man || rc=3
[root@straylight:p0 /etc]#

And a demonstration:

[root@straylight:v0 /etc]# su nobody -c id
This account is currently not available.
[root@straylight:v0 /etc]# su -m nobody -c id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
[root@straylight:v0 /etc]#

Hope that helps.

G'luck,
Peter

-- 
"yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.