Comment 7 for bug 890362

Revision history for this message
Stuart McLaren (stuart-mclaren) wrote : Re: Should glance user's shell be /bin/false?

> you want code to run as underprivileged as possible


What do you think about this:

We could set glance's shell to /bin/false but use commands such as the following to run the services:

su -s /bin/sh -c "glance-registry" glance

That way you can't log in as the glance user, but the services still don't require privileges.