[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: su and runuser
- From: Aaron Konstam <akonstam sbcglobal net>
- To: For users of Fedora Core releases <fedora-list redhat com>
- Subject: Re: su and runuser
- Date: Tue, 26 Sep 2006 15:58:47 -0500
On Tue, 2006-09-26 at 15:13 +0100, Paul Howarth wrote:
> Aaron Konstam wrote:
> > On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
> >> Tim wrote:
> >>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
> >>>> After all that, if it works, please never use su the way you described
> >>>> above. At the very least use su - -c etc...
> >>> Having seen that in another topic, made me wonder about something I'm
> >>> doing. My /etc/rc.local file has a string of lines in it like the
> >>> following: su tim -c "/usr/bin/fetchmail -d 900"
> >>>
> >>> Should I be doing it like this, instead:
> >>> su - tim -c "/usr/bin/fetchmail -d 900"
> >> Or even:
> >>
> >> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
> >>
> > I am a little confused about runuser. Anyone can run it and the man page
> > says it does not ask for a passwd. That seems like a security hole.
>
> Where does it say that anyone can run it? It just fails rather than
> prompting for a password. This is useful behaviour in scripts where a
> password prompt might cause a script to hang, whereas a simple failure
> can be catered for.
>
> Paul.
You are actually correct and I am being difficult. I am referring to the
fact that the permissions on runuser are 755 which would imply that it
can be run by anyone.
--
Aaron Konstam <akonstam sbcglobal net>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]