Upstart's own exec stanza spawns a shell, and interprets the given command string in the shell as well.
The nominal difference between 'su' and a simple 'setuidgid' is that 'su' invokes a full PAM session, which I think is preferable as this is necessary to correctly set up environment, limits and so forth.

Scott

On Mon, Jan 10, 2011 at 12:08 PM, Enrico Scholz <[email protected]> wrote:
> Scott James Remnant <scott-Umf49k1wg4FWk0Htik3J/[email protected]>
> writes:
>
>> While there is direct support for this coming in Upstart, it pretty
>> much amounts to exec'ing "su" for you...
>
> Are you really executing 'su' or something like setuidgid[1]? 'su'
> would be bad because it spawns a shell (which is usually /sbin/nologin
> or so for system accounts) and interprets the given command string in
> the shell. 'setuidgid' would be much better because it simply execv's
> its arguments after changing the id.
>
>
> Enrico
>
> Footnotes:
> [1] http://cr.yp.to/daemontools/setuidgid.html
>
> --
> upstart-devel mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/upstart-devel
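
Added example, not part of the original thread and not daemontools or Upstart code: a sketch of the setuidgid-style approach discussed above, which changes ids and then execs its argument vector with no shell in between. The names drop_ids and run_as are hypothetical and the sample commands are constructed; main() runs them under the caller's own ids, so no root is needed.

```c
#define _DEFAULT_SOURCE            /* setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Switch to uid/gid for good: supplementary groups, then gid, then uid. */
static int drop_ids(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must stay out of reach */
    return 0;
}

/* Run argv as uid/gid with no shell; returns exit status, or -1 on error. */
static int run_as(uid_t uid, gid_t gid, char *const argv[], char *out, size_t cap)
{
    int fds[2], status;
    size_t len = 0;
    ssize_t n;
    if (cap == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0 || drop_ids(uid, gid) != 0) _exit(126);
        execvp(argv[0], argv);  /* each argv entry arrives byte for byte */
        _exit(127);
    }
    close(fds[1]);
    while (len < cap - 1 && (n = read(fds[0], out + len, cap - 1 - len)) > 0)
        len += (size_t)n;
    out[len] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char out[128];
    char *direct[] = { "echo", "a; echo b", NULL };            /* constructed input */
    char *shell[]  = { "sh", "-c", "echo a; echo b", NULL };   /* same string via a shell */
    if (run_as(getuid(), getgid(), direct, out, sizeof out) == 0) printf("execvp: %s", out);
    if (run_as(getuid(), getgid(), shell, out, sizeof out) == 0) printf("sh -c:  %s", out);
    return 0;
}
```

With the direct argv the semicolon is printed as data; through `sh -c` the same string is parsed as two commands. Unlike 'su', this path opens no PAM session, so limits and environment are whatever the parent already had.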
