su and runuser
Aaron Konstam
akonstam at sbcglobal.net
Tue Sep 26 20:58:47 UTC 2006
On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote:
> Aaron Konstam wrote:
> > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
> >> Tim wrote:
> >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
> >>>> After all that, if it works, please never use su the way you described
> >>>> above. At the very least use su - -c etc...
> >>> Having seen that in another topic, made me wonder about something I'm
> >>> doing. My /etc/rc.local file has a string of lines in it like the
> >>> following: su tim -c "/usr/bin/fetchmail -d 900"
> >>>
> >>> Should I be doing it like this, instead:
> >>> su - tim -c "/usr/bin/fetchmail -d 900"
> >> Or even:
> >>
> >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
> >>
> > I am a little confused about runuser. Anyone can run it and the man page
> > says it does not ask for a passwd. That seems like a security hole.
>
> Where does it say that anyone can run it? It just fails rather than
> prompting for a password. This is useful behaviour in scripts where a
> password prompt might cause a script to hang, whereas a simple failure
> can be catered for.
>
> Paul.
You are actually correct and I am being difficult. I am referring to the
fact that the permissions on runuser are 755 which would imply that it
can be run by anyone.
--
Aaron Konstam <akonstam at sbcglobal.net>
More information about the fedora-list
mailing list