[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#179125: maintainer scripts tries to exec script in /tmp

On Mon, 3 Feb 2003 14:40, Andreas Metzler wrote:
> > I'm not sure how to express the command in a form that will work if
> > $SCRIPTFILE can't be executed directly.
> Just guessing:
> su - postgres -c "/usr/bin/perl /tmp/config.151751"
>                   cu andreas

su should not be used in postinst scripts or daemon start scripts.  su wants 
access to /etc/shadow and needs special security configuration.

Also for general security it's best for such daemon accounts to not have valid 
shells if possible, which precludes su.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: