[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: su and runuser



On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote:
> Aaron Konstam wrote:
> > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
> >> Tim wrote:
> >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
> >>>> After all that, if it works, please never use su the way you described
> >>>> above. At the very least use su - -c etc...
> >>> Having seen that in another topic, made me wonder about something I'm
> >>> doing.  My /etc/rc.local file has a string of lines in it like the
> >>> following:  su tim -c "/usr/bin/fetchmail -d 900"
> >>>
> >>> Should I be doing it like this, instead:
> >>> su - tim -c "/usr/bin/fetchmail -d 900"
> >> Or even:
> >>
> >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
> >>
> > I am a little confused about runuser. Anyone can run it and the man page
> > says it does not ask for a passwd. That seems like a security hole.
> 
> Where does it say that anyone can run it? It just fails rather than 
> prompting for a password. This is useful behaviour in scripts where a 
> password prompt might cause a script to hang, whereas a simple failure 
> can be catered for.
> 
> Paul.
You are actually correct and I am being difficult. I am referring to the
fact that the permissions on runuser are 755 which would imply that it
can be run by anyone.
-- 
Aaron Konstam <akonstam sbcglobal net>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]