Am 11.05.2014 22:49, schrieb Michael Biebl: > Am 11.05.2014 19:37, schrieb Helmut Grohne: > >> I trust you to be technically right on this. Still the number of >> packages getting this wrong is stunning[1]. Therefore I'd argue that > >> [1] http://codesearch.debian.net/search?q=su+-c+path%3Adebian%2F+path%3Ainit > > If I counted correctly, there are 5 packages using su in their init > script, dirmngr being one of them. Considering that we have ~1200 SysV > init scripts in Debian, I don't consider this number stunning at all. > And yes, we should fix those init scripts.
Seems this codesearch query was incomplete indeed. I did a grep over a local archive checkout (from 2014-01-11) The result is 62 occurences of the string "su ", in 40 different SysV init scripts (see attachement). Still a quite manageable number. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
auth2db/init.d/auth2db: su -p -s /bin/sh "$USER" -c "$DAEMON $1 3>/dev/null" bucardo/init.d/bucardo: su bucardo --command "$DAEMON start" bucardo/init.d/bucardo: su bucardo --command "$DAEMON reload_config" bucardo/init.d/bucardo: su bucardo --command "$DAEMON stop" buildbot/init.d/buildmaster: su -s /bin/sh \ buildbot-slave/init.d/buildslave: su $suopt - ${SLAVE_USER[$mi]} \ clamav-freshclam/init.d/clamav-freshclam: su "$DatabaseOwner" -p -s /bin/sh -c "freshclam -l $UpdateLogFile --datadir $DatabaseDirectory" console-log/init.d/console-log: if su --shell=$SHELL --command="head -n 1 $file" $USER > /dev/null 2>&1; then couchdb/init.d/couchdb: if su $COUCHDB_USER -c "$command"; then cpushare/init.d/cpushare: if ! su nobody -c /usr/lib/cpushare/seccomp-test >/dev/null 2>&1; then dirmngr/init.d/dirmngr: output=$(su -c ". /lib/lsb/init-functions && umask 027 && start_daemon -p $PIDFILE $DAEMON --daemon --sh" dirmngr) || return 1 distributed-net/init.d/distributed-net: su daemon -c "chrt -b 0 $DAEMON $OPTIONS" distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -shutdown" > /dev/null 2>&1 distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -restart" 2> /dev/null distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -restart" 2> /dev/null distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -fetch" distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -flush" distributed-net/init.d/distributed-net: su daemon -c "$DAEMON $OPTIONS -update" echolot/init.d/echolot: su "$USER" -c "$command" ejabberd/init.d/ejabberd: su $EJABBERDUSER -c "$EJABBERDCTL $action" >/dev/null ejabberd/init.d/ejabberd: su $EJABBERDUSER -c "$EJABBERD -noshell -detached" ejabberd/init.d/ejabberd: exec su $EJABBERDUSER -c "$EJABBERD" fetchmail/init.d/fetchmail: su -s /bin/sh -c "/usr/bin/strace -tt $* $DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1 fetchmail/init.d/fetchmail: su -s /bin/sh -c "$DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1 flumotion/init.d/flumotion: su -s /bin/sh -c "umask 026; unset HOME; $1" flumotion freevo/init.d/freevo_encodingserver: exec su --shell /bin/sh freevo -c "$0 $@" freevo/init.d/freevo_recordserver: exec su --shell /bin/sh freevo -c "$0 $@" freevo/init.d/freevo_rssserver: exec su --shell /bin/sh freevo -c "$0 $@" freevo/init.d/freevo_webserver: exec su --shell /bin/sh freevo -c "$0 $@" freevo/init.d/freevo_xserver: openvt -f -c 9 -- su --shell /bin/sh freevo -c "startx $DAEMONLOG -- :1 vt9 -quiet" freevo/init.d/freevo_xserver: su --shell /bin/sh freevo -c "$DAEMON --stop" freevo/init.d/freevo_xserver: su --shell /bin/sh freevo -c "$DAEMON --stop" gozerbot/init.d/gozerbot: su $RUNUSER -c "$NAME >> /var/log/gozerbot.log 2>&1 &" gozerbot/init.d/gozerbot: su $RUNUSER -c gozerbot-init inn2/init.d/inn2: su news -c /usr/lib/news/bin/rc.news > /var/log/news/rc.news 2>&1 inn2/init.d/inn2: su news -c '/usr/lib/news/bin/rc.news stop' >> /var/log/news/rc.news 2>&1 jenkins/init.d/jenkins: # so we let su do so for us now jenkins-slave/init.d/jenkins-slave: # so we let su do so for us now jsonbot/init.d/jsonbot: su $RUNUSER -c "jsb-fleet -d $DATADIR $ARGSTRING 2>/dev/null &" jsonbot/init.d/jsonbot: su $RUNUSER -c "jsb-init -d /var/cache/jsb" lfc-dli/init.d/lfc-dli: $DAEMON "su $LFCUSER -c \"$DLIDAEMON -l $DLIDAEMONLOGFILE\"" libapache2-mod-shib2/init.d/shibd: DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null) nethack-common/init.d/nethack-common: # a child shell through 'su -c', so instead we use a helper nethack-common/init.d/nethack-common: su --shell=/bin/sh -c /usr/lib/games/nethack/recover-helper "$owner" nvi/init.d/nviboot: (su - nobody -s /bin/sh -c "$SENDMAIL $owner < $i" &) </dev/null >/dev/null 2>&0 opennebula/init.d/opennebula: su oneadmin -s /bin/sh -c 'one start' opennebula/init.d/opennebula: su oneadmin -s /bin/sh -c 'one stop' opennebula-sunstone/init.d/opennebula-sunstone: su oneadmin -s /bin/sh -c "$DAEMON start" opennebula-sunstone/init.d/opennebula-sunstone: su oneadmin -s /bin/sh -c "$DAEMON stop" pgbouncer/init.d/pgbouncer: su -c "$DAEMON -R $OPTS 2> /dev/null" - $RUNASUSER pgpool2/init.d/pgpool2: su -c "$DAEMON -n $OPTS 2>&1 </dev/null | logger -t pgpool -p ${PGPOOL_SYSLOG_FACILITY:-local0}.info >/dev/null 2>&1 &" - postgres powerman/init.d/powerman: ERRMSG=`su "$USER" -c "/sbin/start_daemon \ powerman/init.d/powerman: ERRMSG=`su "$USER" -c "$nice \"$DAEMON\" $DAEMON_ARGS" 2>&1` remote-tty/init.d/remote-tty: su rttymgr -c "/usr/sbin/startsrv *" rotter/init.d/rotter: while ! su - $USER -c jack_lsp > /dev/null 2>&1; do slashem-common/init.d/slashem-common: # a child shell through 'su -c', so instead we use a helper slashem-common/init.d/slashem-common: su "$owner" -c /usr/lib/games/slashem/recover-helper slony1-2-bin/init.d/slony1: su -c ". /lib/lsb/init-functions ; umask 027 ; start_daemon -p $(pidfile $1) $DAEMON -f $(conffile $1) -p $(pidfile $1) >>$(logfile $1) 2>&1 </dev/null &" - postgres slony1-2-bin/init.d/slony1: is_running $1 || su -c "umask 027 ; slon_start ${cluster+"--config /etc/slony1/slon_tools_${cluster}.conf"} --pidfile $(pidfile $1) $SLON_START_ARGS $node >/dev/null" - postgres torrus-common/init.d/torrus-common: su="/bin/su ${user} -c" voms-server/init.d/voms: su -c "TNS_ADMIN=\"$tnsvalue\" ${voms} --conf ${etcpath}/voms/$vo/voms.conf" -s /bin/bash $VOMS_USER yaws/init.d/yaws: su -l $YAWS_USER -c "$script"
signature.asc
Description: OpenPGP digital signature