Am 09.02.19 um 23:26 schrieb Francesco Poli:
> On Sat, 9 Feb 2019 22:31:14 +0100 Michael Biebl wrote:
> 
>> Hi
>>
>> Am 09.02.19 um 10:39 schrieb Francesco Poli:
>>
>>> Could you please do me a favor?
>>> I would like you to read bug [#916753] log and then tell me what you
>>> think. Your insight might be useful to find a better solution.
>>
>> What kind of input do you need?
> 
> I would like some insight especially on [message #30], regarding the
> fact that runuser does something basically equivalent to what su does,
> and thus seems to be unfit to irreversibly drop root privileges, and
> regarding my search for a command that works like s6-setuidgid, but
> runs the given command inside the user's login shell (with all the
> environment that the user would get on a normal login).

Aren't those conflicting requirements?
On the one hand you want a full login shell, which typically involves
PAM. On the other hand you don't want PAM involved.

> [message #30]: <https://bugs.debian.org/916753#30>
> 
>> I guess I already mentioned the two alternatives (runuser/setpriv).
> [...]
> 
> Maybe setpriv is equivalent to s6-setuidgid.
> If this is the case, it can be used as an alternative to s6-setuidgid.

setpriv should do pretty much the same as s6-setuidgid, with the benefit
of not requiring an exotic package being installed.

> But I would like to have a command that runs a given command inside the
> regular user's login environment, as I said above.
> Do you know one such command?

What exactly do you mean by "user's login environment"?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to