[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: su and runuser



Aaron Konstam wrote:
On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
Tim wrote:
On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
After all that, if it works, please never use su the way you described
above. At the very least use su - -c etc...
Having seen that in another topic, made me wonder about something I'm
doing.  My /etc/rc.local file has a string of lines in it like the
following:  su tim -c "/usr/bin/fetchmail -d 900"

Should I be doing it like this, instead:
su - tim -c "/usr/bin/fetchmail -d 900"
Or even:

/sbin/runuser tim -c "/usr/bin/fetchmail -d 900"

I am a little confused about runuser. Anyone can run it and the man page
says it does not ask for a passwd. That seems like a security hole.

Where does it say that anyone can run it? It just fails rather than prompting for a password. This is useful behaviour in scripts where a password prompt might cause a script to hang, whereas a simple failure can be catered for.

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]