On Tue, Sep 04, 2012 at 05:18:43PM +0200, Karel Zak wrote: > > Hi, > > I did some changes to the su(1): > > - add --group= option to specify the primary group > - add --supp-group= option to specify a supplemental group > > the both options are based on Fedora runuser(1) patch and it's > available for root only (non-root cannot specify any groups). > > > I have also added new command runuser(1) -- it's completely based on > su(1) code. The difference is that runuser does not ask for password, > has to be executed by root and it uses different PAM configuration > (/etc/pam.d/runuser[-l]). > > The changes should be available in v2.23 (or easily backported to > 2.22, I'll do that for Fedora). > > See master branch and "git whatchanged login-utils/". > > Karel > Hi Karel, I think we're missing out on an opportunity with runuser. su insists on starting a shell which, among other subtle problems, leads to the largeer problem of quoting and escaping the command passed to the -c flag. I think we should do something like this: - separate out argument parsing to runuser and su - remove most of the flags from runuser (-f, -c, -l, -, -s), add a -u flag (optional, for user) - create a single common entry point for creating a session - separate out the run command logic With a name like runuser, I would expect that its purpose would be to simply run commands (and not necessarily get a shell for a user, as is done with su). runuser could take non-option arguments as argv for the new command so that we'd have examples like this: runuser -u notroot vi /etc/fstab runuser notroot foocmd embedded '"quotes"' runuser -u notroot foocmd has args "with spaces" sometimes If you still desperately want to abuse the command to create a shell for a user, then you just do that: runuser -u notroot -- /bin/sh - I can't make any guarantees that I'll be able to offers patches for this myself, but I'll definitely be taking a look if I have some free time. Just thought I'd bring up the idea, since it's always been a pet peeve of mine to fix if ever there were an opportunity for a mulligan on su (and this is it!). Cheers, Dave -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
