Bug 460547

Summary: Use of runuser might be preferred to su -
Product: Red Hat Satellite 5 Reporter: Jan Pazdziora <jpazdziora>
Component: ServerAssignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE QA Contact: Jeff Browning <jbrownin>
Severity: low Docs Contact:
Priority: low    
Version: 520CC: tlestach
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sat530 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-10 19:11:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 457079    

Description Jan Pazdziora 2008-08-28 15:01:26 UTC
While investigating RHEL 4.5 setup for bug 391771, I came across su - oracle not working for account which was not active.

I asked the PAM maintainer about the problem and in the course of conversation, he mentioned that for automated root -> user execution in scripts, runuser is preferred to su -.

I wonder if we want to check our code and do a mass move from su - to runuser.

Comment 1 Brandon Perkins 2008-10-08 16:34:36 UTC
As this can be related to the whole su, sudo, runuser WRT SELinux, we are placing it under sat530-selinux for "creative bug accounting".

Comment 2 Michael Mráka 2008-10-24 07:17:45 UTC
Fixed in Spacewalk (bug 467877) git repo, commits
74cfd061509a505f4d6ea96747d867f384d184da..e343f683abf829198f68934f620ad06e


commit e343f683abf829198f68934f620ad03c9d9bd06e
    Automatic commit of package [spacewalk-search] release [0.3.3-1].
commit 9cba3d453e1b9be8a935f6a9377c1c02d3f1d643
    467877 - modified %changelog entry
commit 3bee62ba1ccb7c0de624caac3942233d8dbe89b0
    467877 - use runuser instead of su
commit 2bb23925f0c1cff3bdb73bd82febf2037bd05136
    Automatic commit of package [spacewalk-setup] release [0.3.6-1].
commit b44bb2fb22d5ba582560f67f47c682455e65ac50
    467877 - modified %changelog entry
commit cf36116353462215ccf2a0a3cedb5177588ccf46
    467877 - use runuser instead of su
commit bd6e1e1f8687fd7865cfba28999f4d404e3768fb
    Automatic commit of package [tsdb] release [1.27.16-1].
commit 6f3fe8d02ce2da0c0afff7e7456317da9d6d9822
    467877 - modified %changelog entry
commit 9155bd4e499c357ee0fdcd24d619c6a812a22681
    Automatic commit of package [rhnmd] release [5.1.1-1].
commit c914d34db33468187ad5117c3e4cc181b7cdbe9e
    add Makefile
commit 3a9f2dffd3499d752e81273b82daec2fcc71a134
    467877 - modified %changelog entry
commit de887eb22824f8fbb8c41f7a70b103ffba4497d3
    467877 - use runuser instead of su
commit e3725c710425e5ae971f385b9fd0ae0052c11c0c
    Automatic commit of package [spacewalk-java] release [0.3.3-1].
commit 8ade617a3a6cdc128581e204277a3199c37d28be
    467877 - modified %changelog entry
commit 0528b111bcbfd29a9d7c913372df9ffa7ff95deb
    467877 - use runuser instead of su
commit f96431236f05d097e3d182b116a759115bb9fdac
    merging to overcome spacewalk-web-0.3.2-1 tag problem
commit 4b2a8ecc314371c5a7f1e012d1dc362e48873c26
    Automatic commit of package [spacewalk-web] release [0.3.2-1].
commit d1c15b5dad9c9883ac9b351687bd914cb07a8268
    467877 - modified %changelog entry
commit a017d4a705cf5ce89ea3c17df413390b274606a5
    Automatic commit of package [spacewalk-web] release [0.3.2-1].
commit c66fbfc95eb747fd23d7f18b07934dc2b9ac651e
    467877 - modified %changelog entry
commit 4ec2291e6045bd12d5cf22a7b900d06f866ccd42
    467877 - use runuser instead of su

Comment 3 wes hayutin 2009-01-14 20:28:50 UTC
testplan
using the URL http://git.fedoraproject.org/git/?p=spacewalk.git;a=commitdiff;h=$REPLACE WITH COMMIT_HASH

check each file for the change rhnuser instead of su- 

moving to  jbrownin

Comment 4 Jan Pazdziora 2009-01-15 12:59:01 UTC
We should not restrict ourselves to changes done with the above commits.

Proper QA should check all Satellite packages that we ship and see if in *all* cases where it makes sense, su - was replaced.

Comment 5 Jeff Browning 2009-03-04 21:45:39 UTC
Verified the change in Sat 530

Comment 6 Tomas Lestach 2009-09-08 09:15:56 UTC
Occurrences of "su -" were correctly replaced by "ruhuser".
In the meantime new "su -" constructions were implemented. For those I created Bug#521764.

Stage validated -> RELEASE_PENDING

Comment 7 Brandon Perkins 2009-09-10 19:11:12 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html