Comment 7 for bug 890362
Revision history for this message
| Stuart McLaren (stuart-mclaren) wrote Re: Should glance user's shell be /bin/false? | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
5c6b958
demo site
(Get the code!)
> you want code to run as underprivileged as possible
Agreed.
What do you think about this:
We could set glance's shell to /bin/false but use commands such as the following to run the services:
su -s /bin/sh -c "glance-registry" glance
That way you can't log in as the glance user, but the services still don't require privileges.