Just for the sake of additional useless info...
/usr/lib/embedded_su is just a symlink to /bin/su.
The /bin/su binary switches between interactive and embedded mode
based on argv[0]
Cheers,
Niall.
On Wed, 2006-11-01 at 12:11 +0000, Stephen Browne wrote:
> Ghee,
>
> embedded_su is intended to be used from other applications as a helper
> to request user credentials. This is why it is in /usr/lib.
> Binaries in /usr/sbin are ones that you can normally run from the
> command line. This has nothing to do with binary or interface stability.
>
> Stephen.
>
> On Wed, 2006-11-01 at 10:54, Ghee Teo wrote:
> > Hi Jim,
> >
> > Thanks for reply.
> > I got even more confused now reading with the mail indentation and
> > comment to the code
> > that does not exist :)
> >
> > One slightly unrelated question, embedded_su(1M) nclaims its stability
> > level to be
> > stable, why is it then it is install in /usr/lib, should it not be in
> > /usr/sbin?
> > (BTW, if this is already answered in the ARC case, just tell me to shut
> > up okay :)
> >
> > -Ghee
> >
> >
> >
> > Jim Li wrote:
> > > Hi Ghee,
> > >
> > > I totally agree your point, it's hard to review a patch's patch. So I
> > > add some comments in this case, hope it help
> > >
> > > thank you, Ghee, for your review and suggestion!
> > >
> > > Jim
> > > Ghee Teo wrote:
> > >
> > >
> > >> This is just a general comment, can the submitter in general provide a
> > >> short description of the fix.
> > >> Especially when the patch is a patch to an existing patch. Since the
> > >> idea of the review is
> > >> to improve the quality of patches, and the idea of more eyes on a
> > >> piece of code will help.
> > >> However if the code is just a snipplet, with out some explanation text
> > >> that would be hard.
> > >> I don't believe anyone who does not own the component can make
> > >> reasonable comment
> > >> with this patch for example.
> > >>
> > >> So some minimum explanation text please in the future review patches
> > >> :), please
> > >>
> > >> -Ghee
> > >>
> > >>
> > >> Jim Li wrote:
> > >>
> > >>
> > >>> Hey,
> > >>>
> > >>> Please review the following change to libgksu1.2-04-rabc-support.diff.
> > >>> Welcome any suggestion and comments.
> > >>>
> > >>> Thanks,
> > >>>
> > >>> Jim
> > >>> ------------------------------------------------------------------------
> > >>>
> > >>> Index: ChangeLog
> > >>> ===================================================================
> > >>> --- ChangeLog (revision 9602)
> > >>> +++ ChangeLog (working copy)
> > >>> @@ -1,3 +1,9 @@
> > >>> +2006-10-30 Jim Li <jim.li at sun.com>
> > >>> +
> > >>> + * patches/libgksu1.2-04-rbac-support.diff:
> > >>> + add echo command when try to validate user's password.
> > >>> + fix a bug that it hang when it's invoded as a root.
> > >>> +
> > >>> 2006-10-30 Irene Huang <irene.huang at sun.com>
> > >>>
> > >>> * gnome-session.spec: add patch 10-gnome-volcheck-default-session.diff
> > >>> Index: patches/libgksu1.2-04-rbac-support.diff
> > >>> ===================================================================
> > >>> --- patches/libgksu1.2-04-rbac-support.diff (revision 9602)
> > >>> +++ patches/libgksu1.2-04-rbac-support.diff (working copy)
> > >>> @@ -1,5 +1,5 @@
> > >>> ---- libgksu1.2-1.3.1.orig/libgksu/gksu-context.c 2005-06-18
> > >>> 22:16:33.000000000 +0800
> > >>> -+++ libgksu1.2-1.3.1/libgksu/gksu-context.c 2006-10-19
> > >>> 16:41:10.678082000 +0800
> > >>> +--- libgksu1.2-1.3.1.orig/libgksu/gksu-context.c Sat Jun 18 22:16:33
> > >>> 2005
> > >>> ++++ libgksu1.2-1.3.1/libgksu/gksu-context.c Mon Oct 30 19:30:25 2006
> > >>> @@ -23,7 +23,13 @@
> > >>> #include <unistd.h>
> > >>> #include <string.h>
> > >>> @@ -329,7 +329,7 @@
> > >>> if (!context->command)
> > >>> {
> > >>> -@@ -1496,3 +1697,977 @@
> > >>> +@@ -1496,3 +1697,983 @@
> > >>> return FALSE;
> > >>> }
> > >>> @@ -417,6 +417,12 @@
> > >>>
> > > add some source code above this diff:
> > >
> > > argcount = 0;
> > >
> > > cmd[argcount] = g_strdup("/usr/lib/embedded_su");
> > >
> > >
> > >>> + cmd[argcount] = g_strdup (context->user);
> > >>> + argcount++;
> > >>> +
> > >>> ++ cmd[argcount] = g_strdup ("-c");
> > >>> ++ argcount++;
> > >>> ++
> > >>> ++ cmd[argcount] = g_strdup ("echo > /dev/null");
> > >>> ++ argcount++;
> > >>> ++
> > >>> + cmd[argcount] = NULL;
> > >>> +
> > >>> + pid = fork();
> > >>>
> > >>
> > > execn(cmd[0], cmd);
> > >
> > > the goal of this paragraph code is to check if need password when try to
> > > assume another user ro role ( context->user ), the old code doesn't
> > > provide any command just like:
> > > /usr/lib/embedded_su user
> > > When it find the embedded_su need a password, it simply kill the child
> > > process and return TRUE.
> > > if embedded_su doesn't need a password, it should execute a null command
> > > and immediately return instead of fork a shell and hang there
> > >
> >
>
