[systemd-devel] logind, su - sessions and initscripts compatibility

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Dec 18 06:20:38 PST 2014


On 18/12/14 14:10, Dale R. Worley wrote:
> Simon McVittie <simon.mcvittie at collabora.co.uk> writes:
>> On 18/12/14 08:05, Andrei Borzenkov wrote:
>>> Any initscript that is using "su -" would [cause badness]
>>
>> Don't do that then? Init scripts are fairly clearly not login sessions.
>> Which init scripts do that?
> 
> More to the point, why would an initscript do that, since it's *already*
> running as root?

su isn't just for becoming root; it can also cause transitions from root
to a less privileged user ("su -c 'my-app-clear-cache' daemon" is one
example of something that an init script might want to do).

> Though I'm sufficiently out of the loop regarding the architecture that
> I don't see how "su" can have such complexities -- As far as I know, its
> purpose is to create a subprocess whose UID is different from the UID of
> this process; in no way is it intended to be "a separate login".

If this was ever true, it ceased to be true when su started running PAM
modules.

This is what I meant about su having multiple roles, and not being
particularly good at any of them...

    S
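
The point made in this message, that an init script calling su goes through su's PAM stack whether or not it asks for a login shell, can be checked for mechanically. The script below is an added example, not part of the original message or of systemd or util-linux; the function names and the sample init script are constructed, and the matching is a line-based heuristic rather than a shell parser.

```sh
#!/bin/sh
# Added example: heuristic audit of init scripts for su invocations.

# Classify one script line by how it calls su. Prints one of:
#   login  su -, su -l, su --login (login-style environment)
#   plain  any other su call (su's PAM stack still runs)
#   none   no su command word on the line
classify_su_line() {
    line=$1
    case $line in
        \#*) echo none; return ;;   # whole-line comment or shebang
    esac
    # "su" as a command word: at line start or after a separator/whitespace.
    if ! printf '%s\n' "$line" |
        grep -Eq '(^|[;&|(`[:space:]])su([[:space:]]|$)'; then
        echo none; return
    fi
    # Login flag as its own word after su, before any ; & | separator.
    if printf '%s\n' "$line" | grep -Eq \
        '(^|[;&|(`[:space:]])su([[:space:]]+[^;&|]*)?[[:space:]](-|-l|--login)([[:space:]]|$)'; then
        echo login
    else
        echo plain
    fi
}

# Read a script on stdin; print "LINENO CLASS" for every su invocation.
scan_su_calls() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        class=$(classify_su_line "$line")
        [ "$class" = none ] || printf '%s %s\n' "$n" "$class"
    done
}

# Constructed sample init script (not from a real package).
sample_initscript() {
    cat <<'EOF'
#!/bin/sh
# constructed sample
case "$1" in
  start)
    su - appuser -c '/opt/app/bin/start'
    ;;
  clean)
    su -c 'my-app-clear-cache' daemon
    ;;
  status)
    sudo -u appuser /opt/app/bin/status
    ;;
esac
EOF
}

sample_initscript | scan_su_calls
```

To audit a real file, feed it on stdin, for example `scan_su_calls < /etc/init.d/NAME` with NAME replaced by the script under review.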


