su and runuser

Paul Howarth paul at city-fan.org
Tue Sep 26 14:13:03 UTC 2006


Aaron Konstam wrote:
> On Tue, 2006-09-26 at 13:46 +0100, Paul Howarth wrote:
>> Tim wrote:
>>> On Mon, 2006-09-25 at 15:45 -0400, Steven W. Orr wrote:
>>>> After all that, if it works, please never use su the way you described
>>>> above. At the very least use su - -c etc...
>>> Having seen that in another topic, made me wonder about something I'm
>>> doing.  My /etc/rc.local file has a string of lines in it like the
>>> following:  su tim -c "/usr/bin/fetchmail -d 900"
>>>
>>> Should I be doing it like this, instead:
>>> su - tim -c "/usr/bin/fetchmail -d 900"
>> Or even:
>>
>> /sbin/runuser tim -c "/usr/bin/fetchmail -d 900"
>>
> I am a little confused about runuser. Anyone can run it and the man page
> says it does not ask for a passwd. That seems like a security hole.

Where does it say that anyone can run it? It just fails rather than 
prompting for a password. This is useful behaviour in scripts where a 
password prompt might cause a script to hang, whereas a simple failure 
can be catered for.

Paul.
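
The failure handling described in the reply above, as an added example that is not part of the original message: a wrapper a root boot script such as /etc/rc.local could use so that a runuser failure is reported and the script carries on. The names start_as, RUNUSER and CALLER_UID and the exit codes 77 and 67 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: start a per-user daemon from a root boot script via runuser,
# treating its non-interactive failure as an ordinary, handled error.
# start_as, RUNUSER and CALLER_UID are hypothetical names for this sketch.

RUNUSER=${RUNUSER:-/sbin/runuser}     # path as used in the thread
CALLER_UID=${CALLER_UID:-$(id -u)}    # overridable so the logic can be exercised

# start_as USER COMMAND
# Returns 0 on success, 77 if the caller is not root, 67 if USER is unknown,
# otherwise whatever exit status runuser reported.
start_as() {
    user=$1
    cmd=$2
    st=0

    # runuser is intended for root; check up front to give a clear message.
    if [ "$CALLER_UID" -ne 0 ]; then
        echo "start_as: not root, refusing to run '$cmd' as $user" >&2
        return 77
    fi

    # A missing account is a configuration error, reported separately.
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "start_as: no such user: $user" >&2
        return 67
    fi

    # stdin from /dev/null: nothing in the chain can sit waiting on a terminal.
    "$RUNUSER" "$user" -c "$cmd" </dev/null || st=$?
    if [ "$st" -ne 0 ]; then
        echo "start_as: '$cmd' as $user failed with status $st" >&2
    fi
    return "$st"
}

# In /etc/rc.local (runs as root), one failure does not stop the rest:
#   start_as tim "/usr/bin/fetchmail -d 900" || echo "fetchmail not started" >&2
```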



