[Freeipa-devel] [PATCH] self service aci
Pete Rowley
prowley at redhat.com
Tue Oct 30 18:21:13 UTC 2007
Rob Crittenden wrote:
> Pete Rowley wrote:
>> Rob Crittenden wrote:
>
> Can't users change their shell today with /usr/bin/chsh? I don't see
> the controversy there. The trick is only letting them put in a legal
> value and that is system-dependant (e.g. mine is set for /bin/zsh and
> I log into an AIX box without that installed).
Well, I was thinking along the lines of it allowing arbitrary commands
to be executed with root privilege. For example, an escalation of privilege:
loginShell: /home/prowley/addMeToSudoers
I suspect this is the kind of thing that makes it problem, still need to
check it out though.
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071030/e85570ff/attachment.bin>
More information about the Freeipa-devel
mailing list