Hi! On Mon, 2014-05-12 at 22:50:39 -0700, Noah Meyerhans wrote: > There are two reasons I use su in /etc/cron.daily/spamassassin. One is > to change uid/gid, and the other is to reset the shell environment to a > base state. The need for this was highlighted in bug 738951. I doubt > that this is a problem unique to spamassassin. > > 'su -l' takes care of both uid switching and environment cleansing. > start-stop-daemon only helps with the first. The appropriate solution > for resetting the environment isn't apparent. Should s-s-d be extended > with such functionality? Or is there a more appropriate tool that I'm > missing?
Ok, there seems to be two issues here, one is the environment inherited by the cronjob from cron(8), which is the one inherited by the daemon itself, depending on how it was started. The other (I take) is the environment inherited by the cron script when invoked from the maintainer script. While both are related they have different origin. There's <https://bugs.debian.org/720163> against s-s-d, although as I mention there I'm not really comfortable resetting the environment by default as that implies a somewhat Debian specific policy hardcoded in s-s-d, but adding a new option or set of options for that would be appropriate. Or maybe just possibly taking the whitelist from a file shipped as part of base-files or similar would be fine too. Then there's <https://bugs.debian.org/631081#58> against dpkg. But also as I mention there, the fix might need to be applied somewhere else, probably invoke-rc.d(8) or service(8). The problem with both those requests, if implemented, is that they would still not cover all entry points and people would still end up with dirty environments, say when invoking /etc/init.d/script directly, or because the environment might still affect other parts of the maint or init scripts besides the ones under dpkg or s-s-d control. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140513064731.ga14...@gaara.hadrons.org
