3

I attach to a docker image where user has already been created with this command:

RUN useradd -r -u 200 -m -c "nexus role account" -d /nexus-data -s /bin/false nexus

I wanted to run a command as this user, but nothing happened. Trying to solve this, I discovered I can't run anything with a user having /bin/false as login:

# useradd xxx
# su xxx -c 'ls >>/t/t1'
# ls /t
t1
# useradd -s /bin/false
# su xxx1 -c 'ls >>/t/t2'
# ls /t
t1

I was expecting that login shell would not matter when calling su without -. I googled and I found out that I can run the command if I add -s /bin/bash, but why is that so? The - option is su means 'use login shell', why is the login shell relevant without -?

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Assen Kolov
  • 185

1 Answers1

9

If you don't specify -s or --preserve-environment then the target user's shell is used. In your example this would run /bin/false -c 'ls >> /t/t2' which, of course, doesn't run anything useful.

The "login shell" has a specific meaning and would cause normal shells such as sh or bash to run the login scripts such as .profile.

Stephen Harris
  • 44,540