Simon McVittie <[email protected]> writes:

> I wonder whether noninteractive su to drop privileges from root to a
> system account (in maintainer scripts, etc.) should be discouraged
> altogether, in favour of something with argv rather than shell
> semantics, like sudo/chrootuid? You can always get back from argv-based
> to shell-based semantics by using "sh -c '<command>'" as the final
> arguments, if you really need shell command-line parsing.

I've been using setuidgid from daemontools for this for years because su
is much too heavy-weight and kept doing things I didn't want it to do.
Now, setuidgid might be *too* lightweight -- for example, running the PAM
session stack may still be appropriate so that pam_limits happens -- but
it would be nice to get something like this into util-linux or some
similar package.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
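
An argv-style privilege-dropping helper of the kind discussed in this message, as an added example (it is not daemontools' setuidgid and not code from the thread). The program name `runas-argv` and the function `drop_to_account` are hypothetical; like setuidgid it runs no PAM session stack, so pam_limits is not applied.

```c
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop from root to the account described by pw, irreversibly.
 * Returns 0 on success, -1 on any failure. Order matters: the
 * supplementary groups and the gid must change while still root. */
int drop_to_account(const struct passwd *pw)
{
    if (pw == NULL || pw->pw_uid == 0)
        return -1;               /* unknown account, or not a drop at all */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;               /* root's supplementary groups are replaced */
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;
    /* Verify the drop stuck: regaining root must fail, and the real and
     * effective ids must both be the target account's. */
    if (setuid(0) == 0)
        return -1;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -1;
    return 0;
}

/* usage: runas-argv ACCOUNT PROGRAM [ARG...] */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s account program [arg...]\n", argv[0]);
        return 100;
    }
    if (drop_to_account(getpwnam(argv[1])) != 0) {
        fprintf(stderr, "%s: cannot drop privileges to %s\n", argv[0], argv[1]);
        return 111;              /* never run the program with root's ids */
    }
    /* argv semantics: each argument reaches the program unchanged,
     * and no shell parses the command line. */
    execvp(argv[2], &argv[2]);
    perror("execvp");
    return 111;
}
```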

