mandb wrapper scripts
Hi,

There are a couple things about the new wrapper scripts for man and
mandb that I am wondering about...

These scripts now check to see if the invoking user is root and if so
change to nobody before executing the real setuid man/mandb. First,
why user nobody? The uid will just end up as man anyway, so why use
nobody? The problem with using nobody is that some admins prefer not to
give nobody a valid shell (see a past thread on that), so if they have
changed nobody's shell to, say, /bin/false, mandb and man no longer work
at all as root.

The second thing I find odd in these scripts is the way they check the
user's uid: they test writability of /root. While /root shouldn't be
writable by anyone else, I really don't think it's a good idea to depend
on that. For example, what if the admin made /root writable by his
user's account? (Probably not a good idea, but I have seen people who
wanted to do similar things with /root.) Now man is unusable by that
user account since they will be prompted for nobody's password.
Checking filesystem permissions just seems awfully fragile to me.

I am wondering if there is any disadvantage to using the following
script instead:

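#!/bin/sh -e
# Wrapper: run the real setuid man/mandb from /usr/lib/man-db.
pgm=$(basename "$0")
edir=/usr/lib/man-db
# Command string for su -c: real program path plus the arguments joined by spaces.
cmd="${edir}/${pgm} $*"
# If invoked as root (uid 0), switch to user man before running the real program.
[ "$(id -u)" = 0 ] && exec su man -c "$cmd"
# Otherwise run the real program directly with the original arguments.
exec "${edir}/${pgm}" "$@"
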
This unambiguously tests for uid 0 status and allows for user nobody
to not have a valid shell. User man already exists, has a shell, and
the man programs are setuid man already, so I cannot see any
disadvantage to this arrangement...

Comments?

--
Ethan Benson
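
The two root checks compared in the message above, together with argument quoting for the string handed to su -c, as an added example that is not part of the original post or of the Debian wrapper scripts. The function names, the optional uid override and the scratch directory standing in for /root are assumptions made here.

```shell
#!/bin/sh
# Added example: two ways a wrapper can decide "am I root?", plus
# argument quoting for the command string handed to `su -c`.

# Fragile check described in the post: infer root from write access to a
# directory. $1 is the directory (the wrappers tested /root).
root_by_writable() {
    [ -w "$1" ]
}

# Direct check proposed in the post. $1 is an optional uid override, an
# assumption added here so the function can be exercised without root.
root_by_uid() {
    [ "${1:-$(id -u)}" = 0 ]
}

# Single-quote each argument so the shell started by `su -c` sees the
# same argument boundaries; an embedded ' becomes '\''.
quote_args() {
    out=
    for arg in "$@"; do
        esc=$(printf '%s\n' "$arg" | sed "s/'/'\\\\''/g")
        out="$out '$esc'"
    done
    printf '%s' "${out# }"
}

# Build the string for `su man -c`; /usr/lib/man-db is the path from the post.
su_command() {
    pgm=$1; shift
    printf '%s' "/usr/lib/man-db/$pgm $(quote_args "$@")"
}

# Constructed demo: a scratch directory stands in for a /root that the
# admin has made writable by an ordinary account.
demo() {
    d=$(mktemp -d)
    root_by_writable "$d" && echo "writable check: treats caller as root"
    root_by_uid 1000 || echo "uid check: uid 1000 is not root"
    su_command man -k "it's here"; echo
    rmdir "$d"
}
demo
```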