From owner-freebsd-bugs@FreeBSD.ORG Tue Oct 28 10:10:02 2008
Message-Id: <200810281003.m9SA3iIA053407@www.freebsd.org>
Date: Tue, 28 Oct 2008 10:03:44 GMT 
From: Volker Theile
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/128433: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr

>Number: 128433
>Category: conf
>Synopsis: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 28 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Volker Theile
>Release: FreeBSD 6.4rc1
>Organization:
>Environment:
>Description:
To allow running an application using a specific user I have to modify the /etc/rc.subr script because the current implementation does not do a full login when using 'su'. But sometimes it is necessary to do a full login to allow the application to read/write config data in the user home directory.

To enable a full login when doing a 'su' the application rc-script can be modified the following way:

xxx_user=${xxx_user:-"xyz"}
xxx_suopt=${xxx_suopt:-"-l"}

Please see also http://lists.freebsd.org/pipermail/freebsd-rc/2008-October/001511.html

Don't know if this behaviour can be solved another way, but if not, I think it is a useful enhancement. Anyway, I'm wondering that nobody else had this problem till now.

Regards
Volker
>How-To-Repeat:
Try to run transmission daemon as user 'transmission'. It fails to start the daemon because it was not possible to read/write config data in /root/.config/transmission_daemon.
Using the patch a full login will be done when doing 'su' in rc.subr and the daemon will read/write config data in /home/transmission/.config/transmission_daemon >Fix: --- rc.subr.orig 2008-10-28 10:01:04.000000000 +0100 +++ rc.subr 2008-10-28 09:56:20.000000000 +0100 @@ -438,6 +438,8 @@ # to run the chrooted ${command} with. # Requires /usr to be mounted. # +# ${name}_suopt n Command parameter for 'su'. Default is '-m'. +# # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # @@ -595,7 +597,8 @@ fi eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ - _group=\$${name}_group _groups=\$${name}_groups + _group=\$${name}_group _groups=\$${name}_groups \ + _suopt=\$${name}_suopt if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then @@ -603,6 +606,10 @@ fi fi + if [ -z "$_suopt" ]; then # set default value + _suopt="-m" + fi + # if ${rcvar} is set, and $1 is not # "rcvar", then run # checkyesno ${rcvar} @@ -673,7 +680,7 @@ ${_chdir:+cd $_chdir && }\ $command $rc_flags $command_args" if [ -n "$_user" ]; then - _doit="su -m $_user -c 'sh -c \"$_doit\"'" + _doit="su $_suopt $_user -c 'sh -c \"$_doit\"'" fi if [ -n "$_nice" ]; then if [ -z "$_user" ]; then @@ -852,7 +859,7 @@ _cmd="kill -$1 $rc_pid" if [ -n "$_user" ]; then - _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" + _cmd="su ${_suopt} ${_user} -c 'sh -c \"${_cmd}\"'" fi echo "$_cmd" } >Release-Note: >Audit-Trail: >Unformatted:
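Review bot: the comment added for ${name}_suopt in the @@ -438,6 +438,8 @@ hunk says only "Command parameter for 'su'", which leaves out what a script author needs to know: the variable is consulted only when ${name}_user is set (both su call sites sit inside `if [ -n "$_user" ]`), and its value replaces '-m' rather than being appended to it. Suggest stating both and naming '-l' as the intended alternative. The patch touches only rc.subr, so rc.subr(8), which lists the ${name}_* variables, needs the new entry as well.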
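Review bot: the four-line `if [ -z "$_suopt" ]` block in the @@ -603,6 +606,10 @@ hunk can be the single assignment `_suopt=${_suopt:--m}`, matching the parameter-expansion style already used a few lines further down (`${_chdir:+cd $_chdir && }`). The block also accepts any string, and that string is spliced unquoted into the su command lines built in the later hunks; consider accepting only '-m' and '-l' here and warning on anything else, so that a typo in rc.conf cannot silently change how the service is launched.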
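Review bot: in the @@ -673,7 +680,7 @@ hunk, `su $_suopt $_user -c ...` changes more than HOME once _suopt is '-l': su then discards most of the caller's environment, changes to the target user's home directory, and runs the command through the target user's login shell instead of the caller's. A service account whose shell is nologin will therefore fail to start, and any environment the rc script prepared is lost. These side effects belong in the option's documentation, and it is worth checking whether setting HOME for the command alone would solve the transmission case without a full login.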
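Review bot: the kill path in the @@ -852,7 +859,7 @@ hunk relies on _suopt having been defaulted by the block added at -603; if this line is reached with _suopt empty, the command becomes `su ${_user} -c ...` with no '-m', which differs from the old behaviour. Use `${_suopt:--m}` at this site, or keep '-m' unconditionally: sending a signal needs no login environment, and with '-l' the kill would run through the target user's login shell and its profile.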