0.6.3 tricks to run task as specific user?
Enrico Scholz
enrico.scholz at sigma-chemnitz.de
Mon Jan 10 12:08:15 UTC 2011
Scott James Remnant <scott-Umf49k1wg4FWk0Htik3J/w at public.gmane.org>
writes:
> While there is direct support for this coming in Upstart, it pretty
> much amounts to exec'ing "su" for you...
Are you really executing 'su' or something like setuidgid[1]? 'su'
would be bad because it spawns a shell (which is usually /sbin/nologin
or so for system accounts) and interpretes the given command string in
the shell. 'setuidgid' would be much better because it simply execv's
its arguments after changing the id.
Enrico
Footnotes:
[1] http://cr.yp.to/daemontools/setuidgid.html
More information about the upstart-devel
mailing list