On Fri, 19 Dec 2014 11:16:58 -0500
[email protected] (Dale R. Worley) wrote:

> Simon McVittie <[email protected]> writes:
> > On 18/12/14 14:10, Dale R. Worley wrote:
> >> Simon McVittie <[email protected]> writes:
> >>> On 18/12/14 08:05, Andrei Borzenkov wrote:
> >>>> Any initscript that is using "su -" would [cause badness]
> >>>
> >>> Don't do that then? Init scripts are fairly clearly not login sessions.
> >>> Which init scripts do that?
> >> 
> >> More to the point, why would an initscript do that, since it's *already*
> >> running as root?
> >
> > su isn't just for becoming root; it can also cause transitions from root
> > to a less privileged user ("su -c 'my-app-clear-cache' daemon" is one
> > example of something that an init script might want to do).
> 
> Yeah, ack, that was my mistake.  I was confusing "su", "su [user]", and
> "su - [user]".  But the question is about the "su - [user]" form, which
> is basically intended to start a new login session (as far as I can see
> from the man page), since it gives the user's shell a "-" in argv[0],
> which is intended to instruct the shell to run the user's
> initializations, etc.
> 
> Which means that the question I should have asked is "Why would an
> initscript use 'su -', as that is intended to start a new login
> session?"
> 

There is not a single word about "login session" in the su man page.
It says it starts a "login shell" - but a "login session" is not created by
the shell, so I do not see where you draw this conclusion from.

The primary reason to use "su -" in these cases is to a) get a clean
environment and b) make the started shell read the usual startup files to
ensure some known state for running programs. Actually the only
difference between "login" and "non login" shells is which startup
files are processed.

> Frederic Crozat <[email protected]> writes:
> > Unfortunately, we don't always have a choice, when initscripts are not
> > shipped as part of packages in the distribution but shipped by an ISV or
> > a random external software :(
> 
> And it seems that the answer is, "They do that, even if we think they
> shouldn't."
>

Please give a link to systemd documentation where it says "you should
not do it".
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
