[systemd-devel] logind, su - sessions and initscripts compatibility
Dale R. Worley
worley at alum.mit.edu
Fri Dec 19 08:16:58 PST 2014
Simon McVittie <simon.mcvittie at collabora.co.uk> writes:
> On 18/12/14 14:10, Dale R. Worley wrote:
>> Simon McVittie <simon.mcvittie at collabora.co.uk> writes:
>>> On 18/12/14 08:05, Andrei Borzenkov wrote:
>>>> Any initscript that is using "su -" would [cause badness]
>>>
>>> Don't do that then? Init scripts are fairly clearly not login sessions.
>>> Which init scripts do that?
>>
>> More to the point, why would an initscript do that, since it's *already*
>> running as root?
>
> su isn't just for becoming root; it can also cause transitions from root
> to a less privileged user ("su -c 'my-app-clear-cache' daemon" is one
> example of something that an init script might want to do).
Yeah, ack, that was my mistake. I was confusing "su", "su [user]", and
"su - [user]". But the question is about the "su - [user]" form, which
is basically intended to start a new login session (as far as I can see
from the man page), since it gives the user's shell a "-" in argv[0],
which is intended to instruct the shell to run the user's
initializations, etc.
Which means that the question I should have asked is "Why would an
initscript use 'su -', as that is intended to start a new login
session?"
Frederic Crozat <fcrozat at suse.com> writes:
> Unfortunately, we don't always have a choice, when initscripts are not
> shipped as part of packages in the distribution but shipped by an ISV or
> a random external software :(
And it seems that the answer is, "They do that, even if we think they
shouldn't."
Dale
More information about the systemd-devel
mailing list