Re: correct use of su
Hi!
On Mon, 2014-05-12 at 22:50:39 -0700, Noah Meyerhans wrote:
> There are two reasons I use su in /etc/cron.daily/spamassassin. One is
> to change uid/gid, and the other is to reset the shell environment to a
> base state. The need for this was highlighted in bug 738951. I doubt
> that this is a problem unique to spamassassin.
>
> 'su -l' takes care of both uid switching and environment cleansing.
> start-stop-daemon only helps with the first. The appropriate solution
> for resetting the environment isn't apparent. Should s-s-d be extended
> with such functionality? Or is there a more appropriate tool that I'm
> missing?
Ok, there seems to be two issues here, one is the environment inherited
by the cronjob from cron(8), which is the one inherited by the daemon
itself, depending on how it was started. The other (I take) is the
environment inherited by the cron script when invoked from the
maintainer script. While both are related they have different origin.
There's <https://bugs.debian.org/720163> against s-s-d, although as I
mention there I'm not really comfortable resetting the environment by
default as that implies a somewhat Debian specific policy hardcoded
in s-s-d, but adding a new option or set of options for that would be
appropriate. Or maybe just possibly taking the whitelist from a file
shipped as part of base-files or similar would be fine too.
Then there's <https://bugs.debian.org/631081#58> against dpkg. But
also as I mention there, the fix might need to be applied somewhere
else, probably invoke-rc.d(8) or service(8).
The problem with both those requests, if implemented, is that they would
still not cover all entry points and people would still end up with
dirty environments, say when invoking /etc/init.d/script directly,
or because the environment might still affect other parts of the
maint or init scripts besides the ones under dpkg or s-s-d control.
Thanks,
Guillem
Reply to: