Re: su and runuser

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote:
> Aaron Konstam wrote:
> > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
> >> Tim wrote:
> >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
> >>>> After all that, if it works, please never use su the way you described
> >>>> above. At the very least use su - -c etc...
> >>> Having seen that in another topic, made me wonder about something I'm
> >>> doing.  My /etc/rc.local file has a string of lines in it like the
> >>> following:  su tim -c "/usr/bin/fetchmail -d 900"
> >>>
> >>> Should I be doing it like this, instead:
> >>> su - tim -c "/usr/bin/fetchmail -d 900"
> >> Or even:
> >>
> >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
> >>
> > I am a little confused about runuser. Anyone can run it and the man page
> > says it does not ask for a passwd. That seems like a security hole.
> 
> Where does it say that anyone can run it? It just fails rather than 
> prompting for a password. This is useful behaviour in scripts where a 
> password prompt might cause a script to hang, whereas a simple failure 
> can be catered for.
> 
> Paul.
You are actually correct and I am being difficult. I am referring to the
fact that the permissions on runuser are 755 which would imply that it
can be run by anyone.
-- 
Aaron Konstam <akonstam@xxxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux