Date: Tue, 28 Oct 2008 10:03:44 GMT
From: Volker Theile <votdev@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/128433: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
Message-ID: <200810281003.m9SA3iIA053407@www.freebsd.org>
Resent-Message-ID: <200810281010.m9SAA1UC019764@freefall.freebsd.org>
>Number: 128433
>Category: conf
>Synopsis: [patch] Add option to allow a full login when doing 'su' in /etc/rc.subr
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 28 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Volker Theile
>Release: FreeBSD 6.4rc1
>Organization:
>Environment:
>Description:
To allow running an application using a specific user I have to modify the /etc/rc.subr script because the current implementation does not do a full login when using 'su'. But sometimes it is necessary to do a full login to allow the application to read/write config data in the user home directory.

To enable a full login when doing a 'su' the application rc-script can be modified the following way:

    xxx_user=${xxx_user:-"xyz"}
    xxx_suopt=${xxx_suopt:-"-l"}

Please see also http://lists.freebsd.org/pipermail/freebsd-rc/2008-October/001511.html

Don't know if this behaviour can be solved another way, but if not, I think it is a useful enhancement. Anyway, I'm wondering that nobody else had this problem till now.

Regards
Volker
>How-To-Repeat:
Try to run transmission daemon as user 'transmission'. It fails to start the daemon because it was not possible to read/write config data in /root/.config/transmission_daemon. Using the patch a full login will be done when doing 'su' in rc.subr and the daemon will read/write config data in /home/transmission/.config/transmission_daemon
>Fix:
--- rc.subr.orig 2008-10-28 10:01:04.000000000 +0100 +++ rc.subr 2008-10-28 09:56:20.000000000 +0100 @@ -438,6 +438,8 @@ # to run the chrooted ${command} with. # Requires /usr to be mounted. # +# ${name}_suopt n Command parameter for 'su'. Default is '-m'. +# # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) #
@@ -595,7 +597,8 @@ fi eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ - _group=\$${name}_group _groups=\$${name}_groups + _group=\$${name}_group _groups=\$${name}_groups \ + _suopt=\$${name}_suopt if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then @@ -603,6 +606,10 @@ fi fi + if [ -z "$_suopt" ]; then # set default value + _suopt="-m" + fi + # if ${rcvar} is set, and $1 is not # "rcvar", then run # checkyesno ${rcvar} @@ -673,7 +680,7 @@ ${_chdir:+cd $_chdir && }\ $command $rc_flags $command_args" if [ -n "$_user" ]; then - _doit="su -m $_user -c 'sh -c \"$_doit\"'" + _doit="su $_suopt $_user -c 'sh -c \"$_doit\"'" fi if [ -n "$_nice" ]; then if [ -z "$_user" ]; then @@ -852,7 +859,7 @@ _cmd="kill -$1 $rc_pid" if [ -n "$_user" ]; then - _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" + _cmd="su ${_suopt} ${_user} -c 'sh -c \"${_cmd}\"'" fi echo "$_cmd" } >Release-Note: >Audit-Trail: >Unformatted:
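Review bot: the new comment line in the @@ -438 hunk says only "Command parameter for 'su'. Default is '-m'.", which leaves out that the value replaces -m rather than being added to it, and that it is only used when ${name}_user is set. Suggest stating both, and naming the intended alternative from the description (-l for a full login), so that a script author knows which values are expected here.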
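Review bot: in the @@ -673 hunk, $_suopt is expanded unquoted and unvalidated into a command string that already nests two levels of quoting (su ... -c 'sh -c \"...\"'), so a value containing a quote, a semicolon or whitespace changes the command that gets built, and it does so on the su side of the line, before the switch to $_user. Since the stated use is choosing between -m and -l, consider checking the value at the point where the default is assigned (a case on "$_suopt" that accepts -m and -l and calls warn or err otherwise) instead of passing arbitrary text through.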
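Review bot: the @@ -852 hunk uses ${_suopt} in what appears to be a different function from the one where the @@ -603 hunk assigns the "-m" default (this one ends with echo "$_cmd" and a closing brace), so the line depends on that earlier block having run; if it has not, the command becomes su with no option at all instead of the previous su -m. Writing ${_suopt:--m} here, and in the @@ -673 line, would keep the old behaviour without relying on call order and would make the separate if [ -z "$_suopt" ] block unnecessary.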