[Freeipa-devel] [PATCH] self service aci
Simo Sorce
ssorce at redhat.com
Tue Oct 30 18:45:07 UTC 2007
On Tue, 2007-10-30 at 11:21 -0700, Pete Rowley wrote:
> Rob Crittenden wrote:
> > Pete Rowley wrote:
> >> Rob Crittenden wrote:
> >
> > Can't users change their shell today with /usr/bin/chsh? I don't see
> > the controversy there. The trick is only letting them put in a legal
> > value and that is system-dependent (e.g. mine is set for /bin/zsh and
> > I log into an AIX box without that installed).
> Well, I was thinking along the lines of it allowing arbitrary commands
> to be executed with root privilege. For example, an escalation of privilege:
>
> loginShell: /home/prowley/addMeToSudoers
>
> I suspect this is the kind of thing that makes it a problem, still need to
> check it out though.
The shell is run as the user, so this is not to worry.
Simo.
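
The "legal value" check discussed in this thread, sketched as an added example (not code from the thread or from FreeIPA): a proposed loginShell is accepted only if it is a normalized absolute path listed in a host's `/etc/shells`-format allowlist. The function names, host names and shell lists are constructed for illustration.

```python
import posixpath


def parse_shells(text):
    """Return the set of shells listed in /etc/shells-style text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("/"):              # only absolute paths count
            shells.add(posixpath.normpath(line))
    return shells


def check_login_shell(value, allowed):
    """Return (ok, reason) for a proposed loginShell value on one host."""
    if not value or any(ord(c) < 0x20 or c == ":" for c in value):
        return False, "empty or contains control characters or ':'"
    if not value.startswith("/"):
        return False, "not an absolute path"
    if posixpath.normpath(value) != value:
        return False, "path is not in normalized form"
    if value not in allowed:
        return False, "not listed as a legal shell on this host"
    return True, "ok"


# Constructed per-host allowlists: the legal set differs between systems,
# which is the system-dependence raised in the thread.
HOSTS = {
    "linux-host": parse_shells(
        "# /etc/shells: valid login shells\n"
        "/bin/sh\n"
        "/bin/bash\n"
        "/bin/zsh   # optional package\n"
    ),
    "aix-host": parse_shells("/bin/sh\n/bin/ksh\n/usr/bin/ksh\n"),
}


def hosts_accepting(value, hosts=HOSTS):
    """Names of hosts on which the proposed shell would be accepted."""
    return sorted(n for n, allowed in hosts.items()
                  if check_login_shell(value, allowed)[0])


if __name__ == "__main__":
    for candidate in ("/bin/zsh", "/bin/sh", "/home/prowley/addMeToSudoers"):
        print(candidate, "->", hosts_accepting(candidate) or "rejected everywhere")
```

A directory-side check of this kind has to decide which host's list applies, since a value that is legal on one system may not exist on another.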