Martijn van Duren wrote:
> >> Would
> >> doas -c /rootdir somecmd
> >> be of any use ?
> >
> > Not particularly opposed, but the extend of this option should be
> > examined. E.g. do we want to extend it to the config to be something
> > similar to -u and limit it's use for certain commands?
> >
>
Martijn van Duren wrote:
> > But what would it hurt to allow root usage ?
> > Specifically,
> >
> > doas -u ${BUILDUSER} some unquoted command
> >
> > as run by root. This would not open any security hole, would it ?
>
> I don't see any and I've been bitten by having a rootshell open and
> typi
On 5/13/19 10:00 AM, Martijn van Duren wrote:
> On 5/13/19 9:13 AM, Marc Espie wrote:
>> So, in dpb, I've been forking a lot of 'chroot -u user /build'
>> to build various things, and it works just great.
>>
>> I was wondering about the benefits of
>> su ${BUILDUSER} -c 'some quoted command'
>> vs
On 5/13/19 9:13 AM, Marc Espie wrote:
> So, in dpb, I've been forking a lot of 'chroot -u user /build'
> to build various things, and it works just great.
>
> I was wondering about the benefits of
> su ${BUILDUSER} -c 'some quoted command'
> vs
> chroot -u ${BUILDUSER} / some unquoted command
>
>
So, in dpb, I've been forking a lot of 'chroot -u user /build'
to build various things, and it works just great.
I was wondering about the benefits of
su ${BUILDUSER} -c 'some quoted command'
vs
chroot -u ${BUILDUSER} / some unquoted command
Superficially, it looks mostly similar.
The very nic
