On 4/23/18 11:39 PM, Jacek Konieczny wrote:

On 2018-04-23 19:40, Jakub Bogusz wrote:
On Mon, Apr 23, 2018 at 07:13:53PM +0200, glen wrote:
commit db2ce4e265ef36c31a6bef09e13a300d756d927b
Author: Elan Ruusamäe <g...@delfi.ee>
Date:   Mon Apr 16 22:10:58 2018 +0300

     seems only reliable and useful way to switch user is sudo
  # run database update if configured
  test -s %{_webappdir}/config.php && \
-runuser -u http -- %{_appdir}/bin/upgrade.php || :
+sudo -H -u http -- %{_appdir}/bin/upgrade.php || :
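Review bot: the trailing "|| :" on the new sudo line discards every failure, including sudo not being installed or the call being refused by sudoers policy, so a skipped database upgrade leaves no trace in the scriptlet output. Consider printing a message to stderr when the command exits non-zero before ignoring the status. Note also that -H only sets HOME; whether the rest of root's environment is cleared depends on the env_reset setting in sudoers, so a comment should say the scriptlet relies on it.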
Why not su?
su - http -s /bin/sh ...
There is also 'setuidgid' which just changes uid/gid without bothering
with all that user session stuff (usually pointless for daemons and
system scripts).

su: failed to find a working combination that resets the env, and it is so tied to everything being shell that I want to puke

# su - http -s /bin/sh /bin/id
/bin/id: no closing quote
/bin/id[4]: : not found
/bin/id[4]: ��: not found
/bin/id[4]: �: not found
/bin/id[4]: +Џ: not found
/bin/id[4]: I�: not found
/bin/id[4]: N�: not found
/bin/id: syntax error: unexpected '�'
/bin/id: syntax error: unexpected ')'


setuidgid does not reset env, and seems to be our own script, which probably has never been audited.

➔ setuidgid --help
setuidgid: invalid option -- '-'
setuidgid $Rev$ (PLD Linux rc-scripts)

Usage: setuidgid [OPTIONS] account command ...
Run a command under the uid and gid of an account.

-s        Also set supplementary groups
-V        Show version information
-h        Show usage information

I wanted something standard and maintained.

but as replied in other thread: http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2018-April/025531.html

setpriv+env can be used:
https://github.com/karelzak/util-linux/issues/325#issuecomment-381722770
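
The setpriv+env combination mentioned above, written out as an added example (not code from this thread or from PLD): setpriv switches uid, gid and supplementary groups, and env -i rebuilds the environment from nothing. The helper name run_as_clean, the fixed PATH and the fallback HOME are assumptions made for the illustration.

```sh
#!/bin/sh
# run_as_clean ACCOUNT COMMAND [ARGS...]   (hypothetical helper)
# Runs COMMAND as ACCOUNT with an environment built from scratch.
run_as_clean() {
    account=$1; shift

    # Unknown account: fail loudly instead of running as the caller.
    uid=$(id -u "$account" 2>/dev/null) || {
        echo "run_as_clean: unknown account: $account" >&2
        return 1
    }
    gid=$(id -g "$account")

    # Home directory from passwd, the value sudo -H would put in HOME.
    home=$(getent passwd "$account" 2>/dev/null | cut -d: -f6)
    [ -n "$home" ] || home=/

    # env -i starts from an empty environment; only the variables
    # listed here reach the command, nothing of the caller's leaks in.
    set -- env -i HOME="$home" USER="$account" LOGNAME="$account" \
        PATH=/usr/sbin:/usr/bin:/sbin:/bin "$@"

    if [ "$uid" != "$(id -u)" ]; then
        # Changing identity needs root. setpriv sets real and effective
        # uid/gid plus the account's supplementary groups, then execs env.
        set -- setpriv --reuid="$account" --regid="$gid" --init-groups "$@"
    fi

    # Leave the caller's working directory, which the target account
    # may not be allowed to read; COMMAND should be an absolute path.
    ( cd / && "$@" )
}
```

In the scriptlet this would be called as run_as_clean http followed by the absolute path of upgrade.php; the exit status of the command is returned to the caller.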

