[systemd-devel] logind, su - sessions and initscripts compatibility

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Dec 18 04:19:44 PST 2014


On 18/12/14 08:05, Andrei Borzenkov wrote:
> Any initscript that is using "su -" would [cause badness]

Don't do that then? Init scripts are fairly clearly not login sessions.
Which init scripts do that?

In Debian, our init scripts would typically use "start-stop-daemon
--chuid whateveruser  --start whateverd" instead of su. Does your
distribution have an equivalent?

I'm gradually forming the opinion that su should be considered
deprecated for both its roles (interactive privilege
escalation/privilege-dropping for one-off commands or interactive
shells, and automated uid swapping), because it doesn't do either of
them particularly well; in particular, it doesn't sanitize environment
variables by default (you have to remember the "-" which has other
side-effects), and the need for the command to be a shell command-line
rather than an argument vector makes it hard to use securely.

sudo/pkexec/etc. make good replacements for "su -" for interactive use,
and something like start-stop-daemon or "chroot --userspec=whateveruser
/ -- command" (with recent coreutils) can replace "su" for automated uid
swapping. Both of these make it easy to do something like

    subprocess.call(['sudo', '--', executable] + argv)

without needing to involve a shell at all, and if you do need to
evaluate shell syntax,

    subprocess.call(['sudo', '--', '/bin/sh', '-c',
        shellcommandline])

solves that for you. (For non-Python users: replace subprocess.call with
your favourite way to execute a command specified with an executable and
an array of arguments, such as g_spawn_async().)

    S



More information about the systemd-devel mailing list