| Summary: | Wrong su declaration in several init.d scripts | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | tuXXer <bs.net> |
| Component: | Current packages | Assignee: | Martin Schlemmer (RETIRED) <azarah> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | seemant, vapier |
| Priority: | High | ||
| Version: | 1.4_rc4 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
man page reads this: su [-] [username [args]] that means: su - $PGUSER -c "/usr/bin/pg_ctl stop -D '$PGDATA' -s -m fast" is correct i run programs like this: su proxy /home/proxy/start and it starts the program 'start' under the user 'proxy' Well I've tried su - jetty /opt/jetty/bin/jetty.sh and su - jetty -c "/opt/jetty/bin/jetty.sh" and the result was: 1. The environment variable of user jetty wasn't set 2. And the process were executed as root. When I ran: su -c "/opt/jetty/bin/jetty.sh" - jetty all where fine. The documentation of su says that su execution in combination with user log in should be as follow: su -c COMMAND - USER To the man page. The full man page says: su [OPTION]... [-] [USER [ARG]...] IMHO that means: OPTION: options of su, that means -c aso. USER: username ARG: other arguments Well, O.K. on Solaris and AIX the man page of su says: su [-] [username [args]] on Linux: su [OPTION]... [-] [USER [ARG]...] therefore su - -c COMMAND USER => may seems O.K. on Linux and su -c COMMAND - USER => seems O.K. on Linux and su - USER -c COMMAND => seems O.K. on Solaris IMHO a adapted script for SOLARIS aso. and LINUX should solve the problem. *shrug* ill leave it to az to decide Well, after several tests on different machines (x86) it seems that
su - USER -c COMMAND
is the right executon command.
Here my tests command and results:
su - USER -c COMMAND => executed as USER
su -c COMMAND - USER => executed as root
su - COMMAND USER => error
Info-Page:
su [OPTION]... [USER [ARG]...]
The program accepts the following options. Also see *Note Common
options::.
`-c COMMAND'
`--command=COMMAND'
Pass COMMAND, a single command line to run, to the shell with a
`-c' option instead of starting an interactive shell.
`-'
`-l'
`--login'
Make the shell a login shell. This means the following. Unset all
environment variables except `TERM', `HOME', and `SHELL' (which
are set as described above), and `USER' and `LOGNAME' (which are
set, even for the super-user, as described above), and set `PATH'
to a compiled-in default value. Change to USER's home directory.
Prepend `-' to the shell's name, intended to make it read its
login startup file(s).
Well it seems that the the man and info page isn't clear at that point. -c is a COMMAND, but
could only be passed as ARG???
It is not clear if that is a GNU/su bug or a documentation fault...
Sorry
This is my manpage:
--------------------------------------
NAME
su - change user ID or become super-user
SYNOPSIS
su [-] [username [args]]
DESCRIPTION
su is used to become another user during a login session. Invoked without a username, su defaults to becoming the super user. The
optional argument - may be used to provide an environment similiar to what the user would expect had the user logged in directly.
---------------------------------
Meaning:
su - <user> -c foobar
is the right way. Note that su do not have a '-c' option. Also,
the '[args]' is for the shell that will be invoked.
The problem it seems, is that we use su from sys-apps/shadow, but
sys-apps/coreutils includes it in its info page ...
Something like:
-------------------------------
cd ${S}
for x in man/Makefile.*
do
sed -i -e 's:su.1 ::g' ${x}
done
-------------------------------
in src_unpack() should do it, but I guess a patch
will be better. Also, we may only want to touch Makefile.in.
coreutils-5.0-r1 do not have the su info page anymore. |
The init.d the following init.d script may be wrong declared, because of wrong su parameters: - PostgreSQL - Tomcat. An excution of a program as an other user must be declared as followed: su -c COMMAND - USER The su excution lines of the above scripts reads: su - $PGUSER -c "/usr/bin/pg_ctl stop -D '$PGDATA' -s -m fast" and su - ${CATALINA_USER} -c "/opt/tomcat/bin/catalina.sh ${TOMCAT_START}" as far as I know with this lines the username where ignored and the program would be excecuted as root and not as user without several priviledges. IMHO, the lines must read as followed: su -c "/usr/bin/pg_ctl stop -D '$PGDATA' -s -m fast" - $PGUSER and su -c "/opt/tomcat/bin/catalina.sh ${TOMCAT_START}" - ${CATALINA_USER}