[packages/eventum: 11/14] seems only reliable and useful way to switch user is sudo

Elan Ruusamae glen at delfi.ee
Thu Apr 26 10:34:46 CEST 2018


On 4/23/18 11:39 PM, Jacek Konieczny wrote:

> On 2018-04-23 19:40, Jakub Bogusz wrote:
>> On Mon, Apr 23, 2018 at 07:13:53PM +0200, glen wrote:
>>> commit db2ce4e265ef36c31a6bef09e13a300d756d927b
>>> Author: Elan Ruusamäe <glen at delfi.ee>
>>> Date:   Mon Apr 16 22:10:58 2018 +0300
>>>
>>>      seems only reliable and useful way to switch user is sudo
>>>   # run database update if configured
>>>   test -s %{_webappdir}/config.php && \
>>> -runuser -u http -- %{_appdir}/bin/upgrade.php || :
>>> +sudo -H -u http -- %{_appdir}/bin/upgrade.php || :
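Review bot: the trailing "|| :" on the added sudo line discards every failure of the new invocation, including sudo being absent or refusing to run the command as http, so the database upgrade can be skipped without any trace. Nothing in the visible lines adds a dependency on sudo, so consider adding one alongside this change and printing a warning when upgrade.php exits non-zero instead of dropping the status. Also, -H only sets HOME; whether the rest of the environment is reset depends on the local sudoers policy, which deserves a comment next to the command.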
>> Why not su?
>> su - http -s /bin/sh ...
> There is also 'setuidgid' which just changes uid/gid without bothering
> with all that user session stuff (usually pointless for daemons and
> system scripts).

su: failed to find a working combination that resets env, and it is so
tied to everything being shell that i want to puke

# su - http -s /bin/sh /bin/id
/bin/id: no closing quote
/bin/id[4]: : not found
/bin/id[4]: ��: not found
/bin/id[4]: �: not found
/bin/id[4]: +Џ: not found
/bin/id[4]: I�: not found
/bin/id[4]: N�: not found
/bin/id: syntax error: unexpected '�'
/bin/id: syntax error: unexpected ')'


setuidgid does not reset env, and seems to be our own script, which
probably has never been audited.

➔ setuidgid --help
setuidgid: invalid option -- '-'
setuidgid $Rev$ (PLD Linux rc-scripts)

Usage: setuidgid [OPTIONS] account command ...
Run a command under the uid and gid of an account.

-s        Also set supplementary groups
-V        Show version information
-h        Show usage information

i wanted something standard and maintained.

but as replied in other thread: 
http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2018-April/025531.html

setpriv+env can be used:
https://github.com/karelzak/util-linux/issues/325#issuecomment-381722770
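
A sketch of the setpriv+env combination mentioned above, as an added example that is not taken from this message or from the linked comment. The function names clean_env and run_as and the PATH value are assumptions; the setpriv options are those of util-linux setpriv, and run_as has to be called as root.

```shell
#!/bin/sh
# Added example: switch user and start from an empty environment.
# clean_env/run_as are hypothetical helper names, not PLD or util-linux code.

# Run a command with nothing inherited from the caller's environment.
# usage: clean_env HOME USER command [args...]
clean_env() (
    home=$1; user=$2; shift 2
    # env -i drops every inherited variable (LD_PRELOAD, IFS, PATH, ...);
    # only the variables listed here reach the command. PATH is an assumed
    # system default, adjust it to the distribution.
    exec env -i HOME="$home" USER="$user" LOGNAME="$user" \
        PATH=/usr/sbin:/usr/bin:/sbin:/bin SHELL=/bin/sh "$@"
)

# Run a command as another account: uid, primary gid and supplementary
# groups are all switched, and no shell parses the command line.
# usage (as root): run_as ACCOUNT command [args...]
run_as() (
    user=$1; shift
    entry=$(getent passwd "$user") || {
        echo "run_as: unknown user: $user" >&2
        exit 1
    }
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    # The environment is emptied first, then setpriv changes identity and
    # executes the command directly.
    clean_env "$home" "$user" \
        setpriv --reuid="$user" --regid="$gid" --init-groups "$@"
)

# Demo that needs no privileges: only the five variables set above are printed.
LEAK=1 clean_env /tmp http env
```

In a scriptlet like the one in the commit, the call would read run_as http followed by the path to upgrade.php.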



