Simon McVittie <simon.mcvit...@collabora.co.uk> writes: > On 18/12/14 14:10, Dale R. Worley wrote: >> Simon McVittie <simon.mcvit...@collabora.co.uk> writes: >>> On 18/12/14 08:05, Andrei Borzenkov wrote: >>>> Any initscript that is using "su -" would [cause badness] >>> >>> Don't do that then? Init scripts are fairly clearly not login sessions. >>> Which init scripts do that? >> >> More to the point, why would an initscript do that, since it's *already* >> running as root? > > su isn't just for becoming root; it can also cause transitions from root > to a less privileged user ("su -c 'my-app-clear-cache' daemon" is one > example of something that an init script might want to do).
Yeah, ack, that was my mistake. I was confusing "su", "su [user]", and "su - [user]". But the question is about the "su - [user]" form, which is basically intended to start a new login session (as far as I can see from the man page), since it gives the user's shell a "-" in argv[0], which is intended to instruct the shell to run the user's initializations, etc. Which means that the question I should have asked is "Why would an initscript use 'su -', as that is intended to start a new login session?" Frederic Crozat <fcro...@suse.com> writes: > Unfortunately, we don't always have a choice, when initscripts are not > shipped as part of packages in the distribution but shipped by an ISV or > a random external software :( And it seems that the answer is, "They do that, even if we think they shouldn't." Dale _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel