
Re: Bug#274229: System accounts with valid shells



On Thu, Jan 09, 2014 at 08:40:36AM -0800, Russ Allbery wrote:
> Simon McVittie <smcv@debian.org> writes:

> > I wonder whether noninteractive su to drop privileges from root to a
> > system account (in maintainer scripts, etc.) should be discouraged
> > altogether, in favour of something with argv rather than shell
> > semantics, like sudo/chrootuid? You can always get back from argv-based
> > to shell-based semantics by using "sh -c '<command>'" as the final
> > arguments, if you really need shell command-line parsing.

> I've been using setuidgid from daemontools for this for years because su
> is much too heavy-weight and kept doing things I didn't want it to do.

For a lightweight, PAM-less uid switcher in Debian's base system, you
probably want to use start-stop-daemon --chuid.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
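
Added example, not part of the original messages: the difference between shell and argv semantics discussed in this thread, shown with unprivileged stand-ins. The function names and the sample value are assumptions made for illustration; no uid switch takes place.

```shell
#!/bin/sh
# Stand-ins only, so this runs without root:
#   shell_style models   su -s /bin/sh -c '<string>' <user>
#   argv_style  models   start-stop-daemon --start --chuid <user> --exec <prog> -- <args>
# The point is how the command reaches the program, not the uid change itself.

# Constructed sample: a value a maintainer script might read from a config file.
VALUE='spool dir; echo SECOND-COMMAND'

shell_style() {
    # One string, tokenized and expanded again by a second shell.
    sh -c "$1"
}

argv_style() {
    # An argument vector, handed to the program without re-parsing.
    "$@"
}

# Shell semantics: the value is pasted into a command line and parsed as code.
demo_shell() {
    shell_style "printf '[%s]\n' $VALUE"
}

# Argv semantics: the value arrives as exactly one argument.
demo_argv() {
    argv_style printf '[%s]\n' "$VALUE"
}

# Shell parsing brought back on top of argv semantics with sh -c as the final
# arguments: the script text is fixed, the value travels separately as $1.
demo_wrapped() {
    argv_style sh -c 'printf "[%s]\n" "$1"' sh "$VALUE"
}

echo "shell semantics:"; demo_shell
echo "argv semantics:";  demo_argv
echo "argv + sh -c:";    demo_wrapped
```

With shell semantics the sample value is split into two words and its tail runs as a second command; both argv-based forms deliver it as a single argument.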
