Simon McVittie <s...@debian.org> writes:

> I wonder whether noninteractive su to drop privileges from root to a
> system account (in maintainer scripts, etc.) should be discouraged
> altogether, in favour of something with argv rather than shell
> semantics, like sudo/chrootuid? You can always get back from argv-based
> to shell-based semantics by using "sh -c '<command>'" as the final
> arguments, if you really need shell command-line parsing.

I've been using setuidgid from daemontools for this for years because su
is much too heavy-weight and kept doing things I didn't want it to do.
Now, setuidgid might be *too* lightweight -- for example, running the PAM
session stack may still be appropriate so that pam_limits happens -- but
it would be nice to get something like this into util-linux or some
similar package.

--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: http://lists.debian.org/87fvox9khn....@windlord.stanford.edu
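
Added example, not part of the original messages: a sketch of the difference between shell semantics and argv semantics that the thread discusses, plus the `sh -c` opt-in mentioned in the quoted text. It assumes stand-ins so that it runs unprivileged: `sh -c "$string"` plays the role of `su -c`, `env` plays the role of an argv-based tool such as setuidgid, and the function names and sample value are constructed for illustration.

```shell
#!/bin/sh
# Stand-ins only: nothing here changes uid, so no root is needed.

# Shell semantics, as with `su -c "$string" account`: the tool receives ONE
# string and hands it to a shell, which parses it a second time.
as_shell_string() {
    sh -c "$1"
}

# argv semantics, as with `setuidgid account prog arg...`: the tool execs the
# argument vector it was given and no shell re-parses it. `env` is used as
# the stand-in because it also execs its argv directly.
as_argv() {
    env "$@"
}

# Constructed sample value, e.g. something read from a config file.
value='two words; echo reparsed'

# printf emits one line per argument it receives, so the line count shows
# how many words the value turned into on its way to the program.
count_lines() { wc -l | tr -d ' '; }

# The value is pasted into the command string and parsed again by the shell.
shell_lines() { as_shell_string "printf '%s\n' $value" | count_lines; }

# The value travels as a single argv element.
argv_lines() { as_argv printf '%s\n' "$value" | count_lines; }

# Opting back into shell parsing on top of an argv-based tool: the command
# text is fixed, and the value is still a separate argument ("$1").
optin_lines() { as_argv sh -c 'printf "%s\n" "$1"' sh "$value" | count_lines; }

printf 'shell string : %s line(s)\n' "$(shell_lines)"
printf 'argv         : %s line(s)\n' "$(argv_lines)"
printf 'argv + sh -c : %s line(s)\n' "$(optin_lines)"
```

In the shell-string case the value is split on whitespace and the text after the semicolon runs as a second command; in both argv cases the program sees the value as one unmodified argument.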