I’d read in a few Tomcat guides that Tomcat should be run as a user with nologin as the shell, in order to prevent this user from being able to use the shell if there was a security breach in Tomcat.
I’d tried executing a script as this user with the setuid bit set (-rws---r-x), and also by using su -s /bin/sh my_nologin_user myscript.sh, but I am finding that it is able to execute commands like:
pwd
ps -ef
grep .
Clearly I am misunderstanding this but I can’t see what the point of using nologin as the shell is if the Tomcat startup script could be edited to perform any shell command (if hacked).
The nologin shell prevents just that: login. Any system login service — various ttys, sshd, etc., will deny access because they run the login executable, and that fails. A nologin shell won’t prevent one from running arbitrary commands through a shell once untrusted code is running under that user id.

The point of using nologin as the shell is that someone can’t ssh/telnet into your system as the user in question — as long as said services use the default configuration and run login on the (possibly pseudo) tty.
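Since nologin only closes the interactive login path and does nothing about what code already running as the service user can execute, the check worth automating is the one the answer implies: confirm that every service account really is locked to nologin (or false), so a leaked password or key for it cannot be turned into an SSH or console session. The POSIX sh script below is an added example, not code from the question, the answer or the Tomcat project; it assumes the standard seven-field passwd format, treats any uid below MIN_USER_UID (default 1000, other than root) as a service account, and uses a constructed sample passwd file.

```shell
#!/bin/sh
# Added example: audit a passwd file for service accounts that still have
# an interactive login shell. Assumes the standard 7-field passwd format and
# that uids below MIN_USER_UID (other than 0) are system/service accounts.
# The sample passwd content in make_sample_passwd is constructed for the demo.

MIN_USER_UID=${MIN_USER_UID:-1000}

# Print "name:uid:shell" for every service account (0 < uid < MIN_USER_UID)
# whose shell is neither nologin nor false, i.e. an account that could still
# be logged into through login/sshd if its password or key were obtained.
audit_service_shells() {
    passwd_file=$1
    awk -F: -v min="$MIN_USER_UID" '
        NF >= 7 && $3 != 0 && $3 < min {
            shell = $7
            if (shell != "" && shell !~ /(^|\/)nologin$/ && shell !~ /(^|\/)false$/)
                print $1 ":" $3 ":" shell
        }' "$passwd_file"
}

# Constructed sample: tomcat is correctly locked to nologin, but the service
# accounts "backup" and "deploy" still have a real shell. "alice" is a normal
# user (uid >= 1000) and is not reported.
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tomcat:x:112:117:Tomcat:/opt/tomcat:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
deploy:x:998:998:deploy:/srv/deploy:/bin/bash
alice:x:1000:1000:alice:/home/alice:/bin/bash
EOF
}

# Usage: ./audit_shells.sh --demo   (runs against the constructed sample)
#        audit_service_shells /etc/passwd   (after sourcing this file)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    make_sample_passwd "$tmp"
    audit_service_shells "$tmp"
    rm -f "$tmp"
fi
```

Running it against the sample prints backup:34:/bin/sh and deploy:998:/bin/bash and nothing for tomcat. Bear in mind the answer's caveat: a clean report here means the login path is closed, not that a compromised Tomcat process is constrained in any way; what that process can do is governed by file permissions, sudo rules and any sandboxing applied to the service, not by the shell field.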