Re: mandb wrapper scripts
- To: Fabrizio Polacco <fab@prosa.it>
- Cc: Ethan Benson <erbenson@alaska.net>, debian-devel@lists.debian.org
- Subject: Re: mandb wrapper scripts
- From: Ethan Benson <erbenson@alaska.net>
- Date: Mon, 7 Feb 2000 03:44:50 -0900
- Message-id: <20000207034450.B5936@plato.localdomain.local>
- In-reply-to: <20000207140315.D449@none>; from fab@prosa.it on Mon, Feb 07, 2000 at 02:03:15PM +0200
- References: <20000206025410.A1475@socrates.localdomain.local> <20000207140315.D449@none>
On Mon, Feb 07, 2000 at 02:03:15PM +0200, Fabrizio Polacco wrote:
>
> Because man and mandb do only the minimum of the job using man
> privileges.
ah, valid reason..
>
> Humm, looks like a valid point, although I thought that "nobody" was a
> "user" who cannot interfere with the filesystem (as he owns no
> permissions). If "nobody" owns no file, and no shell, what's his usage
> at all?
> I will search archives for the past thread, as I'm curious.
well it's just a matter of what shell is in /etc/passwd, I am not
completely convinced it really makes much of a difference but I have
not heard any actual argument aside from `it's bad for nobody to have a
shell'
however, there is another solution, that just occurred to me:
exec su -s /bin/sh nobody -c ${1+"$cmd"}
the -s flag tells su to use the specified shell instead of the one
from /etc/passwd.
the only possible problem with this is portability, I know the su
debian currently uses supports -s but what about other su? if debian
were to change to another one it would suck to have things start
breaking because it lost -s
> > [ `id -u` = 0 ] && exec ...
> >
> > this unambiguously tests for uid 0 status
>
> This is taken. Absolutely.
>
> fab
> --
> | fab@pukki.ntc.nokia.com fpolacco@prosa.it fpolacco@debian.org
> | 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
> | fabrizio.polacco@nokia.com gsm: +358 (0)40 707 2468
>
--
Ethan Benson
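
An added example, not part of the original message or of the man-db package: a POSIX sh sketch of the privilege drop discussed above, combining the `id -u` test with `su -s /bin/sh nobody -c`. The function names (`quote`, `join_quoted`, `run_as_nobody`) are hypothetical, and running the command directly when not root is an assumption. Because `su -c` takes a single string that the target shell parses again, each argument is single-quoted first so that spaces and metacharacters in it are not reinterpreted.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not man-db's own wrapper code).

# quote ARG: print ARG wrapped in single quotes, with every embedded
# single quote rewritten as '\'' so a shell reads it back as one word.
# Uses the plain variables q, s, out and head (POSIX sh has no "local").
quote() {
    q="'"
    s=$1
    out=
    while :; do
        case $s in
            *"$q"*)
                head=${s%%"$q"*}      # text before the first quote
                s=${s#*"$q"}          # text after the first quote
                out="$out$head$q\\$q$q"
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# join_quoted ARGS...: build the single string handed to "su -c".
join_quoted() {
    line=
    for a in "$@"; do
        line="$line${line:+ }$(quote "$a")"
    done
    printf '%s' "$line"
}

# run_as_nobody CMD ARGS...: if running as uid 0, re-execute the command
# as "nobody" with an explicit shell, so the shell field in /etc/passwd
# does not matter. Assumption: a non-root caller runs the command as-is.
run_as_nobody() {
    if [ "$(id -u)" = 0 ]; then
        exec su -s /bin/sh nobody -c "$(join_quoted "$@")"
    fi
    "$@"
}

# Constructed sample input: show the string su would receive.
printf '%s\n' "$(join_quoted echo "it's a test" '$(id)')"
```

The portability concern raised in the message still applies: this depends on the installed su supporting -s.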