On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote: > Aaron Konstam wrote: > > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote: > >> Tim wrote: > >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote: > >>>> After all that, if it works, please never use su the way you described > >>>> above. At the very least use su - -c etc... > >>> Having seen that in another topic, made me wonder about something I'm > >>> doing. My /etc/rc.local file has a string of lines in it like the > >>> following: su tim -c "/usr/bin/fetchmail -d 900" > >>> > >>> Should I be doing it like this, instead: > >>> su - tim -c "/usr/bin/fetchmail -d 900" > >> Or even: > >> > >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900" > >> > > I am a little confused about runuser. Anyone can run it and the man page > > says it does not ask for a passwd. That seems like a security hole. > > Where does it say that anyone can run it? It just fails rather than > prompting for a password. This is useful behaviour in scripts where a > password prompt might cause a script to hang, whereas a simple failure > can be catered for. > > Paul. You are actually correct and I am being difficult. I am referring to the fact that the permissions on runuser are 755 which would imply that it can be run by anyone. -- Aaron Konstam <akonstam@xxxxxxxxxxxxx>
