conf/128433: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
Volker Theile
votdev at gmx.de
Tue Oct 28 10:10:02 UTC 2008
>Number: 128433
>Category: conf
>Synopsis: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 28 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Volker Theile
>Release: FreeBSD 6.4rc1
>Organization:
>Environment:
>Description:
To allow running an application using a specific user I have to modify the /etc/rc.subr script because the current
implementation does not do a full login when using 'su'. But sometimes it is necessary to do a full login to allow the application to
read/write config data in the user home directory.
To enable a full login when doing a 'su' the application rc-script can be modified the following way:
xxx_user=${xxx_user:-"xyz"}
xxx_suopt=${xxx_suopt:-"-l"}
Please see also http://lists.freebsd.org/pipermail/freebsd-rc/2008-October/001511.html
Don't know if this behaviour can be solved another way, but if not, I think it is a useful enhancement. Anyway,
I'm wondering that nobody else had this problem till now.
Regards
Volker
>How-To-Repeat:
Try to run transmission daemon as user 'transmission'. It fails to start the daemon because it was not possible to read/write config data in /root/.config/transmission_daemon.
Using the patch a full login will be done when doing 'su' in rc.subr and the daemon will read/write config data in /home/transmission/.config/transmission_daemon
>Fix:
--- rc.subr.orig 2008-10-28 10:01:04.000000000 +0100
+++ rc.subr 2008-10-28 09:56:20.000000000 +0100
@@ -438,6 +438,8 @@
# to run the chrooted ${command} with.
# Requires /usr to be mounted.
#
+# ${name}_suopt n Command parameter for 'su'. Default is '-m'.
+#
# ${rc_arg}_cmd n If set, use this as the method when invoked;
# Otherwise, use default command (see below)
#
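Review bot: The new comment line for ${name}_suopt says only "Command parameter for 'su'. Default is '-m'." and does not say that the value replaces -m rather than being added to it, or what the intended alternative is. Suggest wording it along the lines of "Options passed to su(1) when ${name}_user is set; replaces the default '-m'. Use '-l' for a full login (environment reset, target user's shell and home directory)." The same description should go into the rc.subr(8) manual page, which this patch does not touch.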
@@ -595,7 +597,8 @@
fi
eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \
_nice=\$${name}_nice _user=\$${name}_user \
- _group=\$${name}_group _groups=\$${name}_groups
+ _group=\$${name}_group _groups=\$${name}_groups \
+ _suopt=\$${name}_suopt
if [ -n "$_user" ]; then # unset $_user if running as that user
if [ "$_user" = "$(eval $IDCMD)" ]; then
@@ -603,6 +606,10 @@
fi
fi
+ if [ -z "$_suopt" ]; then # set default value
+ _suopt="-m"
+ fi
+
# if ${rcvar} is set, and $1 is not
# "rcvar", then run
# checkyesno ${rcvar}
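Review bot: The default block added after the _user check (if [ -z "$_suopt" ]; then _suopt="-m"; fi) treats an unset variable and one explicitly set to the empty string the same way, so an rc script cannot ask for su with no option at all. If that is intended, say so in the variable's documentation; the four lines can then be reduced to a single : ${_suopt:="-m"} or folded into the eval above. If an empty value should be honoured, test for unset instead of using -z.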
@@ -673,7 +680,7 @@
${_chdir:+cd $_chdir && }\
$command $rc_flags $command_args"
if [ -n "$_user" ]; then
- _doit="su -m $_user -c 'sh -c \"$_doit\"'"
+ _doit="su $_suopt $_user -c 'sh -c \"$_doit\"'"
fi
if [ -n "$_nice" ]; then
if [ -z "$_user" ]; then
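Review bot: In the changed _doit line, $_suopt is spliced unquoted into a command string that runs as root, so whatever is in ${name}_suopt is interpreted as shell text, not only as su options. The value comes from rc.conf, which is root-controlled, but it is worth restricting it to option-like words (for example rejecting anything that does not start with "-") before building the string. Two behavioural points also need documenting or handling: with -l, su runs the target user's login shell, so service accounts whose shell is nologin will fail to start, and -l discards the environment that rc.subr has prepared, while the ${_chdir:+cd $_chdir && } prefix in the context lines still applies after su has changed to the home directory.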
@@ -852,7 +859,7 @@
_cmd="kill -$1 $rc_pid"
if [ -n "$_user" ]; then
- _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'"
+ _cmd="su ${_suopt} ${_user} -c 'sh -c \"${_cmd}\"'"
fi
echo "$_cmd"
}
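Review bot: The changed _cmd line uses ${_suopt}, but nothing in this hunk gives it a default; the only default is set by the block added at line 606, which is in a different place in the file. If this function is reached without that block having run, the command becomes "su  user -c ..." without -m, which changes the existing behaviour for every script that sets ${name}_user. Suggest making the fallback local to the use, for example su ${_suopt:--m} ${_user}, here and in the _doit line, so both call sites stay correct independently of call order.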
>Release-Note:
>Audit-Trail:
>Unformatted: