Coda File System

Re: Daemon

From: Ivan Popov <pin_at_medic.chalmers.se>
Date: Fri, 20 Feb 2004 09:44:44 +0100 (MET)
On Thu, 19 Feb 2004, Jan Harkes wrote:

> > cat /etc/coda/apache_passwd | su www-data -c /usr/bin/clog

> ... clog can drop the root priviledges and setuid to the user without
> the help of su.
> 55 */3 * * *  root  /usr/bin/clog -as www-data websrv_at_coda.cs.cmu.edu < /etc/clog/websrv

I think it is not necessary to include and maintain in clog
a pretty well separatable feature,
carefully implemented in a readily available program (su).

If you really do not want to write a one-liner with "su" where you
need it (which is a sufficient and safe way),
let us use a script called say clog-as like that:
------------------------------
#!/bin/sh
case x"$1" in
x) echo "Usage: clog-as <uid> [<clog-arguments>]"; exit 1 ;;
esac
uid="$1"; shift
exec su "$uid" -c clog "$@"
exit 1
------------------------------

Otherwise people will be
 - confused about the meaning of the -as option
 - trying to run with -as flag as non-root
 - trying to make clog setuid root
with other words it opens a totally unnecessary can of worms...

My 0.2c
--
Ivan
Received on 2004-02-20 03:46:49