On Wed, Jun 20, 2007 at 07:52:30AM +0200, Michael Kerrisk wrote:
> So, now I'm starting to get clearer. Are you saying that su will reject a
> user if their login shell is not one of those listed in /etc/shells?

No, su will not reject the user, but it will not allow a user 'switching' to it to set up an alternate shell (through --shell) if the user's shell is *not* listed in /etc/shells. So, if you have a disabled user (shell is '/usr/sbin/nologin' and is not listed in /etc/shells), a local user cannot 'su' to it, as any commands will be executed using that shell and the local user cannot force the use of a different one.

Hope the explanation helps,

Javier
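The rule described in the message above, as an added example that is not part of the original e-mail and is not su's own code. It models only the non-root caller the message talks about; the function names and the sample passwd and shells files are constructed for illustration.

```shell
#!/bin/sh
# Added example; models the rule in the message for a non-root caller only.

# True when shell $1 is a whole-line entry in shells file $2 (comment lines skipped).
shell_is_listed() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# Print the login shell of user $2 from passwd-format file $1; status 2 if no such user.
login_shell_of() {
    awk -F: -v u="$2" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); ok = 1 }
                       END { exit (ok ? 0 : 2) }' "$1"
}

# effective_shell PASSWD SHELLS USER REQUESTED
# Shell that "su --shell REQUESTED USER" would run for a non-root caller.
effective_shell() {
    target=$(login_shell_of "$1" "$3") || return 2
    if [ -n "$4" ] && shell_is_listed "$target" "$2"; then
        printf '%s\n' "$4"       # target's shell is listed: --shell is honoured
    else
        printf '%s\n' "$target"  # target's shell is not listed: --shell is ignored
    fi
}

# Audit: accounts whose shell is not listed, i.e. --shell cannot override it.
restricted_accounts() {
    awk -F: '{ print $1 }' "$1" | while read -r user; do
        shell_is_listed "$(login_shell_of "$1" "$user")" "$2" || printf '%s\n' "$user"
    done
}

# Constructed sample data (not from any real system).
demo=$(mktemp -d)
cat > "$demo/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:34:34::/var/backups:/usr/sbin/nologin
EOF

effective_shell "$demo/passwd" "$demo/shells" alice /bin/sh
effective_shell "$demo/passwd" "$demo/shells" backup /bin/sh
restricted_accounts "$demo/passwd" "$demo/shells"
```

Pointing `restricted_accounts` at copies of the real /etc/passwd and /etc/shells shows which disabled accounts are covered by this rule; an account stays on that list only while its shell is absent from the shells file.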