#289 With RUN_AS_USER, users without a valid shell cannot be used

v3.0.5
open
nobody
None
5
2015-06-29
2014-08-07
opax
No

For UNIX users that exist only to run daemons, it is customary to set the user's shell to /bin/false or /usr/sbin/nologin. Setting RUN_AS_USER to such an account will fail to start the wrapped java process because "su - USERNAME" fails to switch to a user without a valid shell.

For Linux, this is usually solved by using "su -s /bin/sh - USERNAME", overriding the user's shell in the context of this command. Unfortunately, this is not a cross-platform solution, as there does not exist an equivalent option for su on Mac OS X, and I do not know about the other supported platforms.

Using sudo instead of su solves this problem on all platforms I have access to, but I am unsure about possible ramifications.

Discussion

  • Dannes Wessels

    Dannes Wessels - 2014-12-29

    It might be fixed already ; please could you check?

     
  • opax

    opax - 2015-06-29

    The configuration variable SU_OPTS introduced in version 3.5.26 can be used to mitigate the problem (at least on systems supporting a corresponding option for "su"). The behavior is documented in the script, so I think this issue can be closed.

     

Log in to post a comment.