
Re: systemd says "org.freedesktop.systemd1.TransactionIsDestructive"



On Thu, Aug 31, 2017 at 07:40:50PM +0100, Jonathan de Boyne Pollard wrote:
> That said, it does sound like, from the scant description given, you are
> mis-using |su|. Do not abuse |su| to drop privileges
> <http://jdebp.eu./FGA/dont-abuse-su-for-dropping-privileges.html>, from
> |root| to |nobody|.  There are proper tools for the job of dropping
> privileges, which do not involve PAM and which will thus not hit this
> problem.  Moreover: do not abuse |nobody| for running dæmons
> <http://jdebp.eu./FGA/dont-abuse-nobody-for-daemons.html>, if you are doing
> that.  Set up a proper rôle account.  And, indeed, give the cron job
> (whatever it is) directly to that rôle account's |crontab|.

Thank you.  This lecture, though misplaced, proved to be useful.

While checking /etc/cron.daily to confirm that it's a Debian package,
not anything I wrote, which uses `su nobody`, I found that
/etc/cron.daily/locate calls updatedb.findutils with $LOCALUSER set to
"nobody".  updatedb.findutils then calls `su $LOCALUSER` multiple times,
matching the multiple attempts to su from root to nobody that I see in
auth.log.

For my part, I suppose I'll resolve this by switching from locate to
mlocate, which does its database updates as root, so it should have no
reason to drop privileges, regardless of the method.

In the larger picture, I suppose this qualifies as a bug in the locate
package.  But I will not file a bug against the package because,
honestly, I don't believe that I understand the pieces in play well
enough to make a convincing argument to the maintainer that it should be
changed, much less what it should be changed *to*.

-- 
Dave Sherohman
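
An added example, not part of the original message: one way to confirm from auth.log how many times root opened an `su` session for another account, grouped by hour, so the count can be matched against the cron.daily run. The log lines are constructed, and the pam_unix line layout is an assumption about the Debian syslog format; the function names are hypothetical.

```shell
#!/bin/sh
# Count su sessions opened by root (uid=0), grouped by hour and target user.
# Reads auth.log-style files given as arguments, or stdin when none are given.
# Output: "<count>\t<Mon D HH>\t<target user>", one line per group.
su_from_root() {
    awk '
        # Match only su session-open lines whose invoker is uid 0;
        # interactive "su" by an ordinary user logs "by name(uid=N)" instead.
        /pam_unix[(]su(-l)?:session[)]: session opened for user / && /by [(]uid=0[)]/ {
            user = $0
            sub(/.*session opened for user /, "", user)
            sub(/[ (].*/, "", user)      # drop " by (uid=0)" or "(uid=N) by ..."
            hour = $1 " " $2 " " substr($3, 1, 2)
            count[hour "\t" user]++
        }
        END { for (k in count) print count[k] "\t" k }
    ' "$@" | sort
}

# Constructed sample lines (not taken from the thread): a cron session,
# three su calls from root to nobody, and one unrelated interactive su.
sample_auth_log() {
    cat <<'EOF'
Aug 31 06:25:01 host CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 31 06:25:03 host su[2140]: Successful su for nobody by root
Aug 31 06:25:03 host su[2140]: + ??? root:nobody
Aug 31 06:25:03 host su[2140]: pam_unix(su:session): session opened for user nobody by (uid=0)
Aug 31 06:25:04 host su[2140]: pam_unix(su:session): session closed for user nobody
Aug 31 06:25:04 host su[2151]: pam_unix(su:session): session opened for user nobody by (uid=0)
Aug 31 06:25:09 host su[2163]: pam_unix(su:session): session opened for user nobody by (uid=0)
Aug 31 14:02:11 host su[3310]: pam_unix(su:session): session opened for user root by dave(uid=1000)
EOF
}

sample_auth_log | su_from_root
```

A burst of root-to-nobody sessions in the same hour as the daily cron run points at a script under /etc/cron.daily, or something it calls, as the source.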

