Emilien Klein <emil...@klein.st> writes: > TLDR: in order to execute a command as another user, should `sudo` or > `su --command` be used?
su. You don't want to depend on sudo to ensure that it's available, since package users may not want sudo installed on their systems. (I tend not to install it on servers myself, since I use Kerberos authentication and don't use any system that involves sending long-term keys to servers, such as sudo's default password model.) In addition, I recommend explicitly setting the shell to use when running commands with su (using the -s flag). Specialized users for running particular applications normally should not have a valid shell, and auditors will often require that they not have a valid shell. You don't want that sort of change (possibly required by local audit policies) to break the package. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y50xv3l1....@windlord.stanford.edu