[systemd-devel] logind, su - sessions and initscripts compatibility
simon.mcvittie at collabora.co.uk
Thu Dec 18 04:19:44 PST 2014
On 18/12/14 08:05, Andrei Borzenkov wrote:
> Any initscript that is using "su -" would [cause badness]
Don't do that then? Init scripts are fairly clearly not login sessions.
Which init scripts do that?
In Debian, our init scripts would typically use "start-stop-daemon
--chuid whateveruser --start whateverd" instead of su. Does your
distribution have an equivalent?
I'm gradually forming the opinion that su should be considered
deprecated for both its roles (interactive privilege
escalation/privilege-dropping for one-off commands or interactive
shells, and automated uid swapping), because it doesn't do either of
them particularly well; in particular, it doesn't sanitize environment
variables by default (you have to remember the "-" which has other
side-effects), and the need for the command to be a shell command-line
rather than an argument vector makes it hard to use securely.
sudo/pkexec/etc. make good replacements for "su -" for interactive use,
and something like start-stop-daemon or "chroot --userspec=whateveruser
/ -- command" (with recent coreutils) can replace "su" for automated uid
swapping. Both of these make it easy to do something like
subprocess.call(['sudo', '--', executable] + argv)
without needing to involve a shell at all, and if you do need to
evaluate shell syntax,
subprocess.call(['sudo', '--', '/bin/sh', '-c',
solves that for you. (For non-Python users: replace subprocess.call with
your favourite way to execute a command specified with an executable and
an array of arguments, such as g_spawn_async().)
More information about the systemd-devel