(Illustration by Gaich Muramatsu)
On Thu, 19 Feb 2004, Jan Harkes wrote: > > cat /etc/coda/apache_passwd | su www-data -c /usr/bin/clog > ... clog can drop the root priviledges and setuid to the user without > the help of su. > 55 */3 * * * root /usr/bin/clog -as www-data websrv_at_coda.cs.cmu.edu < /etc/clog/websrv I think it is not necessary to include and maintain in clog a pretty well separatable feature, carefully implemented in a readily available program (su). If you really do not want to write a one-liner with "su" where you need it (which is a sufficient and safe way), let us use a script called say clog-as like that: ------------------------------ #!/bin/sh case x"$1" in x) echo "Usage: clog-as <uid> [<clog-arguments>]"; exit 1 ;; esac uid="$1"; shift exec su "$uid" -c clog "$@" exit 1 ------------------------------ Otherwise people will be - confused about the meaning of the -as option - trying to run with -as flag as non-root - trying to make clog setuid root with other words it opens a totally unnecessary can of worms... My 0.2c -- IvanReceived on 2004-02-20 03:46:49