On Mon, 12 May 2014, Noah Meyerhans wrote:

> On Sun, May 11, 2014 at 11:12:08AM +1000, Brian May wrote:
> >    What about the task of running a short program for a brief duration, e.g.
> >    from cron scripts?  Is using su considered acceptable?

I thought s-s-d is for starting dæmons, not for things like that¹.

> 'su -l' takes care of both uid switching and environment cleansing.
> start-stop-daemon only helps with the first. The appropriate solution

tglase@tglase:~ $ cat /usr/bin/cleanenv
#!/bin/sh
# $MirOS: src/scripts/cleanenv,v 1.4+notz+xorg 2009/03/29 13:04:20 tg Exp $

p=/bin:/usr/bin:/sbin:/usr/sbin

if test x"$1" = x"-"; then
        shift
        exec /usr/bin/env -i \
            PATH=$p HOME=/ \
            "$@"
fi
exec /usr/bin/env -i \
    PATH=$p $(locale 2>/dev/null | fgrep LC_CTYPE) \
    DISPLAY="$DISPLAY" HOME="${HOME:-/}" TERM="${TERM:-vt100}" USER="${USER}" \
    "$@"

I’m using this like: 'cd /; cleanenv - /etc/init.d/apache2 start'

> for resetting the environment isn't apparent. Should s-s-d be extended
> with such functionality? Or is there a more appropriate tool that I'm

s-s-d is already way too complex, see also ① above.


On Tue, 13 May 2014, Colin Watson wrote:

>       perl -e '@pwd = getpwnam("man"); $( = $) = $pwd[3]; $< = $> = $pwd[2];
>                exec "/usr/bin/mandb", @ARGV' -- "$@" || true

Would this work?

        chroot --userspec=man:man / /usr/bin/mandb

This, like su(1), has the benefit of being in base.
It does not, like the other solutions, address things
like environment cleaning, setting up the environment
variables that should be changed for the new user, etc.

People use su(1) because ⓐ it’s in base, and ⓑ it’s
the right tool for the job on other Unix-like OSes
and has been so on GNU/Linux systems. Abusing chroot(8)
like this is… an “interesting” solution, but it avoids
pulling in (and configuring!) sudo(8). After all, the
local admin controls sudoers(5), and there is absolutely
no guarantee that root is permitted to use it, without
questioning for a password, logging, etc.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”  ‣‣‣ Please, http://deb.li/mysql and MariaDB, finally die!
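
The mail points out that `chroot --userspec` switches uid/gid but does no environment cleaning and sets none of the variables that should change for the new user. The following is an added example, not part of the thread and not the poster's code, that pairs it with `env -i` in the style of cleanenv. The function names `passwd_field`, `run_clean` and `run_as` are made up for this example, and `run_as` assumes it is called by root.

```shell
#!/bin/sh
# Added example: supply the environment handling that
# `chroot --userspec` leaves to the caller.

SAFE_PATH=/bin:/usr/bin:/sbin:/usr/sbin   # same PATH as cleanenv in the mail

# passwd_field LINE N: print field N of a passwd(5) line
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# run_clean PASSWD_LINE CMD [ARGS...]
# Run CMD with an empty environment plus only the variables a fresh
# login for that account would carry; everything inherited is dropped.
run_clean() {
    entry=$1; shift
    name=$(passwd_field "$entry" 1)
    home=$(passwd_field "$entry" 6)
    shell=$(passwd_field "$entry" 7)
    [ -n "$name" ] || { echo "run_clean: bad passwd entry" >&2; return 2; }
    env -i PATH="$SAFE_PATH" HOME="${home:-/}" SHELL="${shell:-/bin/sh}" \
        USER="$name" LOGNAME="$name" "$@"
}

# run_as USER CMD [ARGS...]
# env -i runs first (still as root) and execs chroot, which switches
# uid/gid and execs CMD with the cleaned environment.
run_as() {
    user=$1; shift
    entry=$(getent passwd "$user") ||
        { echo "run_as: no such user: $user" >&2; return 1; }
    # primary gid from passwd, so no group named like the user is assumed
    gid=$(passwd_field "$entry" 4)
    (cd / && run_clean "$entry" chroot --userspec="$user:$gid" / "$@")
}

# e.g., as root:  run_as man /usr/bin/mandb
```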

