Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Colin Watson
On Thu, Jan 09, 2014 at 08:50:55AM -0800, Steve Langasek wrote:
> For a lightweight, PAM-less uid switcher in Debian's base system, you
> probably want to use start-stop-daemon --chuid.

Unless you might need to run in contexts (e.g. debootstrap, or chroots of various kinds) where start-stop-daemon

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Jakub Wilk
* Steve Langasek, 2014-01-09, 08:50: I wonder whether noninteractive su to drop privileges from root to a system account (in maintainer scripts, etc.) should be discouraged altogether, in favour of something with argv rather than shell semantics, like sudo/chrootuid? You can always get back fr

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Steve Langasek
On Thu, Jan 09, 2014 at 08:40:36AM -0800, Russ Allbery wrote:
> Simon McVittie writes:
> > I wonder whether noninteractive su to drop privileges from root to a
> > system account (in maintainer scripts, etc.) should be discouraged
> > altogether, in favour of something with argv rather than shell

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Russ Allbery
Simon McVittie writes:
> I wonder whether noninteractive su to drop privileges from root to a
> system account (in maintainer scripts, etc.) should be discouraged
> altogether, in favour of something with argv rather than shell
> semantics, like sudo/chrootuid?

You can always get back from argv-b

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Colin Watson
On Thu, Jan 09, 2014 at 11:43:09AM +, Simon McVittie wrote:
> On 09/01/14 11:23, Colin Watson wrote:
> > In short, if you're using "su " for any of the affected users
> > (daemon bin sys games man lp mail news uucp proxy www-data backup list
> > irc gnats nobody), and you weren't already passin

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Simon McVittie
On 09/01/14 11:23, Colin Watson wrote:
> In short, if you're using "su " for any of the affected users
> (daemon bin sys games man lp mail news uucp proxy www-data backup list
> irc gnats nobody), and you weren't already passing an -s option, you
> must add "-s /bin/sh".

I wonder whether nonintera

Re: Bug#274229: System accounts with valid shells

2014-01-09 Thread Colin Watson
On Tue, Jan 07, 2014 at 03:59:34PM +, Colin Watson wrote:
> Russ supplied a patch to allow update-passwd to use debconf for
> prompting, which I've now merged after some tweaking between us. As of
> base-passwd 3.5.30, all these accounts will have their shells changed to
> /usr/sbin/nologin, w

Re: Bug#274229: System accounts with valid shells

2014-01-07 Thread Colin Watson
Russ supplied a patch to allow update-passwd to use debconf for prompting, which I've now merged after some tweaking between us. As of base-passwd 3.5.30, all these accounts will have their shells changed to /usr/sbin/nologin, with debconf prompts at priority medium defaulting to true. Thanks, Ru

Re: Bug#274229: System accounts with valid shells

2013-11-01 Thread Colin Watson
On Fri, Nov 01, 2013 at 12:42:30PM -0700, Russ Allbery wrote:
> Colin Watson writes:
> > However, there's an awkward problem blocking the change, namely #184979.
> > The last time I made any change to passwd.master or group.master that
> > caused update-passwd to prompt everyone to accept it was i