On Fri, Sep 07, 2012 at 02:07:16PM +0200, Karel Zak wrote: > On Wed, Sep 05, 2012 at 05:28:04PM -0400, Dave Reisner wrote: > > > I think we're missing out on an opportunity with runuser. su insists on > > > starting a shell which, among other subtle problems, leads to the > > > largeer problem of quoting and escaping the command passed to the -c > > > flag. I think we should do something like this: > > good point > > > > - separate out argument parsing to runuser and su > > > - remove most of the flags from runuser (-f, -c, -l, -, -s), add a -u > > > flag (optional, for user) > > > - create a single common entry point for creating a session > > > - separate out the run command logic > > well, we still need to initialize the session and it would be also > to have independent PAM setting for "login-like-session" (-l - options). > > > > With a name like runuser, I would expect that its purpose would be to > > > simply run commands (and not necessarily get a shell for a user, as is > > > done with su). runuser could take non-option arguments as argv for the > > > new command so that we'd have examples like this: > > > > > > runuser -u notroot vi /etc/fstab > > > runuser notroot foocmd embedded '"quotes"' > > > runuser -u notroot foocmd has args "with spaces" sometimes > > > > > > If you still desperately want to abuse the command to create a shell for > > > a user, then you just do that: > > > > > > runuser -u notroot -- /bin/sh - > > well, but it will NOT use /etc/pam.d/runuser-l > > I agree that -f -s -c are unnecessary (and -c is wrong at all...). It > would be probably better to support: > > runuser [-u] notroot [<command> [arg]] > > and if <command> is not specified then start a shell, and if -l is > specified create a login-like session. I like all this. > > > Hrmm... I had no idea that runuser was an existing command in the RedHat > > world, which makes my idea of a "mulligan" less feasible. Boo. > > Well, that's question if we (upstream) have to care about one crazy > distro specific command. Maybe we can introduce a new command (with a > different name) and ignore the original runuser. For good reason the > command has not been accepted by coreutils upstream. > > Any suggestion for the new name? > > runuid > runid > execuser I'm digging deep, back to my windows admin days -- perhaps 'runas'? Maybe something shorter? Could we use 'ru' (a step back!) for irony? ;P > I have no problem to revert the runuser patch, really ;-) It was > probably too hasty decision to merge whole my su branch. > > Karel > > -- > Karel Zak <kzak@xxxxxxxxxx> > http://karelzak.blogspot.com > -- > To unsubscribe from this list: send the line "unsubscribe util-linux" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
