[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#274229: System accounts with valid shells

On Thu, Jan 09, 2014 at 08:40:36AM -0800, Russ Allbery wrote:
> Simon McVittie <smcv@debian.org> writes:

> > I wonder whether noninteractive su to drop privileges from root to a
> > system account (in maintainer scripts, etc.) should be discouraged
> > altogether, in favour of something with argv rather than shell
> > semantics, like sudo/chrootuid? You can always get back from argv-based
> > to to shell-based semantics by using "sh -c '<command>'" as the final
> > arguments, if you really need shell command-line parsing.

> I've been using setuidgid from daemontools for this for years because su
> is much too heavy-weight and kept doing things I didn't want it to do.

For a lightweight, PAM-less uid switcher in Debian's base system, you
probably want to use start-stop-daemon --chuid.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: