
Re: mandb wrapper scripts



On Mon, Feb 07, 2000 at 02:03:15PM +0200, Fabrizio Polacco wrote:
> 
> Because man and mandb do only the minimum of the job using man
> privileges.

ah, valid reason..
 
> 
> Humm, looks like a valid point, although I thought that "nobody" was a
> "user" who cannot interfere with the filesystem (as he owns no
> permissions). If "nobody" owns no file, and no shell, what's his usage
> at all?
> I will search archives for the past thread, as I'm curious.

well, it's just a matter of what shell is in /etc/passwd. I am not
completely convinced it really makes much of a difference, but I have
not heard any actual argument aside from `it's bad for nobody to have a
shell'

however, there is another solution that just occurred to me:

exec su -s /bin/sh nobody -c ${1+"$cmd"}

the -s flag tells su to use the specified shell instead of the one
from /etc/passwd.

the only possible problem with this is portability. I know the su
Debian currently uses supports -s, but what about other su? if Debian
were to change to another one it would suck to have things start
breaking because it lost -s

> > [ `id -u` = 0 ] && exec ...
> > 
> > this unambiguously tests for uid 0 status 
> 
> This is taken. Absolutely.
> 
> fab
> -- 
> | fab@pukki.ntc.nokia.com     fpolacco@prosa.it    fpolacco@debian.org
> | 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
> | fabrizio.polacco@nokia.com                  gsm: +358 (0)40 707 2468
> 

-- 
Ethan Benson
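
The approach discussed in this message, written out as an added example that is not part of the original post or of the man-db package: a wrapper passes -s to su only when the target user's /etc/passwd shell cannot run commands, and uses the uid 0 test quoted above. The function names and the sample passwd entries are constructed for illustration, and it assumes an su that accepts -s, as the post says Debian's does.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# Constructed passwd entries: "nobody" has a shell that refuses to run commands.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
man:x:6:12:man:/var/cache/man:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# Print the login shell (field 7) of user $1 from passwd-format file $2.
# Fails with status 1 when the user has no entry.
passwd_shell() {
    awk -F: -v u="$1" '
        $1 == u { print $7; found = 1; exit }
        END     { if (!found) exit 1 }' "$2"
}

# Print the su options needed to run a command as user $1:
# "-s /bin/sh" when the recorded shell is false/nologin, else an empty line.
su_shell_opts() {
    shell=$(passwd_shell "$1" "$2") || return 1
    case "$shell" in
        */false|*/nologin) printf '%s\n' '-s /bin/sh' ;;
        *)                 printf '\n' ;;
    esac
}

# Run "$2" as user $1 when invoked by root; otherwise run it unchanged.
# $3 is the passwd file to consult (defaults to /etc/passwd).
run_as() {
    user=$1 cmd=$2 passwd=${3:-/etc/passwd}
    if [ "$(id -u)" = 0 ]; then
        opts=$(su_shell_opts "$user" "$passwd") || {
            echo "no passwd entry for $user" >&2
            return 1
        }
        # $opts is deliberately unquoted: it is empty or "-s /bin/sh".
        exec su $opts "$user" -c "$cmd"
    fi
    exec sh -c "$cmd"
}
```

A caller would end its script with something like `run_as nobody "$cmd"`; on a system whose su lacks -s, the root branch fails at the exec rather than running the command with privileges.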