Re: su and runuser

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-09-26 at 15:58 -0500, Aaron Konstam wrote:
> On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote:
> > Aaron Konstam wrote:
> > > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
> > >> Tim wrote:
> > >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
> > >>>> After all that, if it works, please never use su the way you described
> > >>>> above. At the very least use su - -c etc...
> > >>> Having seen that in another topic, made me wonder about something I'm
> > >>> doing.  My /etc/rc.local file has a string of lines in it like the
> > >>> following:  su tim -c "/usr/bin/fetchmail -d 900"
> > >>>
> > >>> Should I be doing it like this, instead:
> > >>> su - tim -c "/usr/bin/fetchmail -d 900"
> > >> Or even:
> > >>
> > >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
> > >>
> > > I am a little confused about runuser. Anyone can run it and the man page
> > > says it does not ask for a passwd. That seems like a security hole.
> > 
> > Where does it say that anyone can run it? It just fails rather than 
> > prompting for a password. This is useful behaviour in scripts where a 
> > password prompt might cause a script to hang, whereas a simple failure 
> > can be catered for.
> > 
> > Paul.
> You are actually correct and I am being difficult. I am referring to the
> fact that the permissions on runuser are 755 which would imply that it
> can be run by anyone.
Of course it can be run by anyone.  It checks internally to see who is
running it to decide what permissions it grants.

The su command does the same, as do most of the system-config-xxxx progs
so they know how to act based on who called the program.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux