The subject was su-ing to another user in init 1 mode. I wrote:

> Out of interest, what do you think should stop su working in init level
> 1? I mean on a "physical",
> which-bit-of-code-should-cause-an-error-and-why level?

Jeff Vian wrote:

> Run level one does not have the concept of other users. It is called
> single user mode for a very good reason.

I think you're over-estimating the importance of init. Run level one is
fundamentally an init concept -- it's defined in /etc/inittab and the
System V initscripts. It changes which programs get automatically run at
boot time.

But the concept of "users", and "user ID" is a kernel one, which init
doesn't get to play with. The kernel doesn't have a concept of run-level
one, and neither does bash. (After all, you don't need to use a
traditional init at all -- in an emergency, bash will do perfectly well).

> Do they? I believe the only shell that runs is the one that is started
> when entering run level 1, and that is not a login shell. I have never
> tried, but AIUI you cannot launch another shell when in run level 1.

You can. Try it. A shell is just another process, after all. What you
will *get* if you type "bash" is another shell: you can set environment
variables there without affecting the main shell. It's not very useful,
but you can do it. When you exit the shell, you get back to the main
shell. It's very much like using chroot on the rescue cd (man chroot says
that by default, it will start another shell).

While you're in run level one, try running the command "login". And try
su, of course.

> I don't think you are correct in this concept. Single user mode (run
> level 1) does not allow use of the password file,

Um. By default, it doesn't *use* pam or the passwd file for logging in.
That doesn't mean it does not *allow* use of the passwd file (for login or
other purposes -- what if you've got a hosed passwd file?)

But that's not the point. su as root doesn't *use* the passwd file, nor
pam. Since you are root at this point, su (and the underlying kernel
calls) know you don't have to identify yourself. You can just start a new
process (which happens to be a shell), telling the kernel that it should
treat the shell as being run by a different user. That's all su does
normally anyway -- it just will use pam to ensure that non-root users are
allowed to su to the new account. In any case, all that mechanism is still
there.

(Slight snip)

> The only user available is
> a root shell, no login, and no utilities that manage the multi-user
> environment.

Precisely what utilities are you thinking about?

James.
-- 
New address: james     | These people are toast, and it is time to turn them
@aprilcottage.co.uk    | over so that they are evenly roasted on both sides.
                       |    -- AllParadox, on groklaw.net
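
The identity switch described in the message above, as an added example that is not part of the original post and is not su's own source: a child process asks the kernel for a new uid/gid and then execs a program, with no reference to init or the run level. The helper name run_as() is hypothetical, and PAM and the passwd lookup are deliberately left out.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* run_as() is a hypothetical helper, not code from su.
 * Runs argv[0] as uid/gid in a child process and returns its exit status,
 * or -1 if fork/wait failed or the child died from a signal. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Order matters: supplementary groups, then gid, then uid. Once
         * setuid() has moved to a non-root user, groups can no longer be
         * changed, so doing it last would leave root's groups attached. */
        if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0)
            _exit(126);
        /* The kernel is the only gatekeeper here: an unprivileged caller
         * asking for someone else's ids gets EPERM and we stop. */
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        execv(argv[0], argv);
        _exit(127);              /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid /path/to/program [args...]\n", argv[0]);
        return 2;
    }
    return run_as((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]), &argv[3]);
}
```

Every return value from setgroups(), setgid() and setuid() is checked before the exec; continuing after a failed call would run the program with the caller's original identity.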