Re: correct use of su
On Sat, May 10, 2014 at 11:11:10PM -0700, Steve Langasek wrote:
> On Sun, May 11, 2014 at 11:12:08AM +1000, Brian May wrote:
> > The name "start-stop-daemon" would suggest this is inappropriate for cron
> > jobs, is that an invalid assumption I made?
>
> Perhaps a better name could have been chosen, in hindsight. But in
> practice, s-s-d is the best available tool for uid switching in any
> noninteractive scripts.
There are situations where start-stop-daemon is disabled to avoid
daemons starting up in inappropriate contexts (such as during d-i), yet
we still need to switch uids because the task at hand is not one of
those that should be disabled in such contexts. The example of this I'm
familiar with is in man-db.postinst, which has this code:
run_mandb () {
db_get man-db/auto-update
[ "$RET" = true ] || return 0
# start-stop-daemon isn't available when running from debootstrap.
perl -e '@pwd = getpwnam("man"); $( = $) = $pwd[3]; $< = $> = $pwd[2];
exec "/usr/bin/mandb", @ARGV' -- "$@" || true
}
(This is not relevant for Brian's cron job case, of course, but I still
think it's worth mentioning as "any noninteractive scripts" is quite a
sweeping statement.)
It's a shame that there is, as far as I know, no low-level tool for this
in an Essential package.
--
Colin Watson [cjwatson@debian.org]
Reply to: