On Saturday 29 August 2015 06:18:56 Reco wrote: > Hi. > > On Sat, 29 Aug 2015 11:49:12 +1200 > > Chris Bannister <cbannis...@slingshot.co.nz> wrote: > > On Fri, Aug 28, 2015 at 07:12:32PM +0300, Reco wrote: > > > To: > > > > > > Well, there have been long discussions about this, but the problem > > > is that what "su" is supposed to do is very unclear. On one hand > > > it's supposed *to open a new session* and change a number of > > > execution context parameters (uid, gid, env, ...), and on the > > > other it's supposed to inherit a lot concepts from the originating > > > session (tty, cgroup, audit, ...). > > > > > > > > > I'm kind of surprised that the bug was not closed as WONTFIX. > > > su(1) is not a "full login", but it's not supposed to provide one > > > anyway. > > > > su - <name> > > > > Has always worked fine for me. What's the problem? > > https://github.com/systemd/systemd/issues/825 says: > > su[1980]: pam_systemd(su-l:session): Cannot create session: Already > running in a session > > Why the bug report implies that pam_systemd shoud create a new > 'session' (whatever it means by 'session') *and* set some obscure > environment variables is beyond me. Especially since su(1) directly > says that su should not create session, it should reuse an existing > one. > > Reco Now I am again confused. As the admin for my 4 machine home network, there are things that run as other users, so I'll use amanda, the backup program as an example here.
In order to adjust any of its configuration, and do it without mucking with file ownerships & permissions, I much first do a sudo -i to make me an immortal root. Then I can either "su amanda", or su amanda -c "geany filename" so that for the duration of that commands execution, I am the user amanda. Some distro's setup a "backup" group and make amanda a member, but those distro's do not always preserve the amanda tenet of running with just enough permissions to get the job done, so I tend to steer clear and only install from the tarball. My web page in the sig is also on this machine, all running in another users sandbox, so again to manage that, I have to do the 'become root' bit, then edit and keep track of perms with chown/chmod which I can only do with the sudo -i phantom roor. If su goes away, IMNSHO, it will be such a PITA that it will encourage far more people to just give up and run their machines as root full time. And I don't believe for a millisecond that is the effect intended. So, if su goes away, how do I accomplish those tasks in a suitable manner that will not bore a hole in the user sandbox? Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
