Re: Bug#274229: System accounts with valid shells
On 09/01/14 11:23, Colin Watson wrote:
> In short, if you're using "su <user>" for any of the affected users
> (daemon bin sys games man lp mail news uucp proxy www-data backup list
> irc gnats nobody), and you weren't already passing an -s option, you
> must add "-s /bin/sh".
I wonder whether noninteractive su to drop privileges from root to a
system account (in maintainer scripts, etc.) should be discouraged
altogether, in favour of something with argv rather than shell
semantics, like sudo/chrootuid? You can always get back from argv-based
to to shell-based semantics by using "sh -c '<command>'" as the final
arguments, if you really need shell command-line parsing.
runcon(1) in recent coreutils does appear to have the argv-based
semantics, although I'm not sure whether it's (SE)Linux-specific; and it
might be better to run in a clean environment too, like "su -" and (with
default configuration) "sudo -H" do.