On 18/12/14 14:10, Dale R. Worley wrote: > Simon McVittie <simon.mcvit...@collabora.co.uk> writes: >> On 18/12/14 08:05, Andrei Borzenkov wrote: >>> Any initscript that is using "su -" would [cause badness] >> >> Don't do that then? Init scripts are fairly clearly not login sessions. >> Which init scripts do that? > > More to the point, why would an initscript do that, since it's *already* > running as root?
su isn't just for becoming root; it can also cause transitions from root to a less privileged user ("su -c 'my-app-clear-cache' daemon" is one example of something that an init script might want to do). > Though I'm sufficiently out of the loop regarding the architecture that > I don't see how "su" can have such complexities -- As far as I know, its > purpose is to create a subprocess whose UID is different from the UID of > this process; in no way is it intended to be "a separate login". If this was ever true, it ceased to be true when su started running PAM modules. This is what I meant about su having multiple roles, and not being particularly good at any of them... S _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel