conf/128433: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr

Volker Theile votdev at gmx.de
Tue Oct 28 10:10:02 UTC 2008


>Number:         128433
>Category:       conf
>Synopsis:       [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 28 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Volker Theile
>Release:        FreeBSD 6.4rc1
>Organization:
>Environment:
>Description:
To allow running an application using a specific user I have to modify the /etc/rc.subr script because the current
implementation does not do a full login when using 'su'. But sometimes it is necessary to do a full login to allow the application to
read/write config data in the user home directory.

To enable a full login when doing a 'su' the application rc-script can be modified the following way:

xxx_user=${xxx_user:-"xyz"}
xxx_suopt=${xxx_suopt:-"-l"}

Please see also http://lists.freebsd.org/pipermail/freebsd-rc/2008-October/001511.html

Don't know if this behaviour can be solved another way, but if not, I think it is a useful enhancement. Anyway,
I'm wondering that nobody else had this problem till now.

Regards
Volker

>How-To-Repeat:
Try to run transmission daemon as user 'transmission'. It fails to start the daemon because it was not possible to read/write config data in /root/.config/transmission_daemon.

Using the patch a full login will be done when doing 'su' in rc.subr and the daemon will read/write config data in /home/transmission/.config/transmission_daemon

>Fix:
--- rc.subr.orig	2008-10-28 10:01:04.000000000 +0100
+++ rc.subr	2008-10-28 09:56:20.000000000 +0100
@@ -438,6 +438,8 @@
 #				to run the chrooted ${command} with.
 #				Requires /usr to be mounted.
 #
+#	${name}_suopt	n	Command parameter for 'su'. Default is '-m'.
+#
 #	${rc_arg}_cmd	n	If set, use this as the method when invoked;
 #				Otherwise, use default command (see below)
 #
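
Review bot: The added `${name}_suopt` comment line says only "Command parameter for 'su'", which leaves out that the value replaces '-m' rather than being added to it and that it is handed to su verbatim. Suggest naming the supported values in the comment (the default '-m' and the '-l' used in the description) and saying in one line what changes for the service when '-l' is chosen.
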
@@ -595,7 +597,8 @@
 	fi
 	eval _chdir=\$${name}_chdir	_chroot=\$${name}_chroot \
 	    _nice=\$${name}_nice	_user=\$${name}_user \
-	    _group=\$${name}_group	_groups=\$${name}_groups
+	    _group=\$${name}_group	_groups=\$${name}_groups \
+		_suopt=\$${name}_suopt
 
 	if [ -n "$_user" ]; then	# unset $_user if running as that user
 		if [ "$_user" = "$(eval $IDCMD)" ]; then
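
Review bot: Style point on the added continuation line `_suopt=\$${name}_suopt`: it is indented with two tabs, while the continuation lines above it in the same `eval` use one tab plus four spaces. Matching the existing indentation keeps the statement aligned and the diff minimal.
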
@@ -603,6 +606,10 @@
 		fi
 	fi
 
+	if [ -z "$_suopt" ]; then # set default value
+		_suopt="-m"
+	fi
+
 					# if ${rcvar} is set, and $1 is not
 					# "rcvar", then run
 					#	checkyesno ${rcvar}
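
Review bot: The added `if [ -z "$_suopt" ]` block supplies the default, but any non-empty value is accepted unchecked even though it is later placed straight into the su command line. A check here that the value is one of the supported options (for example '-m' or '-l'), with a warning and fallback to '-m' otherwise, would catch a typo in the service's rc script before su is run with it. The block itself could also be reduced to a parameter-expansion default.
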
@@ -673,7 +680,7 @@
 ${_chdir:+cd $_chdir && }\
 $command $rc_flags $command_args"
 				if [ -n "$_user" ]; then
-				    _doit="su -m $_user -c 'sh -c \"$_doit\"'"
+				    _doit="su $_suopt $_user -c 'sh -c \"$_doit\"'"
 				fi
 				if [ -n "$_nice" ]; then
 					if [ -z "$_user" ]; then
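
Review bot: On the changed `_doit` line, setting `_suopt` to '-l' makes su start the target user's own login shell and build a fresh login environment, where '-m' keeps the caller's shell and environment. A service account whose shell is nologin will therefore fail to start with '-l', and anything the rc script placed in the environment beforehand is discarded. Suggest stating this in the `${name}_suopt` documentation, or checking the account's shell before su is called so the failure comes with a clear message.
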
@@ -852,7 +859,7 @@
 
 	_cmd="kill -$1 $rc_pid"
 	if [ -n "$_user" ]; then
-		_cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'"
+		_cmd="su ${_suopt} ${_user} -c 'sh -c \"${_cmd}\"'"
 	fi
 	echo "$_cmd"
 }
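
Review bot: The changed `_cmd` line uses `${_suopt}`, but the '-m' default is assigned only in the hunk at line 606, some 250 lines earlier. If this code is reached without that assignment having run, the result is `su  user -c ...` with no option at all, which is not the previous `su -m` behaviour. Suggest `${_suopt:--m}` here. It is also worth asking whether delivering a signal needs a full login at all: keeping '-m' on the kill path avoids running the user's login files just to send a signal.
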

>Release-Note:
>Audit-Trail:
>Unformatted:

