Bug 134588 – Change from using su to runuser in initscripts

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 134588 - Change from using su to runuser in initscripts

Summary:	Change from using su to runuser in initscripts

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	postgresql (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tom Lane
QA Contact:	David Lawrence
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-10-04 16:26 EDT by Daniel Walsh
Modified:	2013-07-02 23:02 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-10-05 15:37:47 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Patch for changeing su to runuser (2.12 KB, text/plain) 2004-10-04 16:29 EDT, Daniel Walsh	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Daniel Walsh 2004-10-04 16:26:57 EDT

We have created a newversion of the su command called runuser, which
will run a program as a different user.  The command can only be run
as root and will not use pam or prompt for passwords.  Otherwize it
works exactly as su.  This change is needed by SELinux in order to
support proper transitioning on process execution.  

Attached is a patch to the postgressql.init file to make the change.

Comment 1 Daniel Walsh 2004-10-04 16:29:23 EDT

Created attachment 104745 [details]
Patch for changeing su to runuser

Comment 2 Tom Lane 2004-10-04 17:01:49 EDT

This seems mighty messy: instead of using the upstream-maintained init
file, every Red Hat package will now have to roll its own, or at least
resign ourselves to patching the upstream forevermore.

Couldn't we fix things so that /etc/rc.d/init.d/functions aliases su
to runuser, and then the init scripts would not need to be hacked
individually?

Comment 3 Daniel Walsh 2004-10-04 17:47:41 EDT

Yes, it already is(will be).  This is only for init scripts that are
not  using the daemon function in /etc/init.d/functions.

Dan

Comment 4 Tom Lane 2004-10-04 19:37:47 EDT

Mph.  daemon() isn't going to go over well either, so I guess I'm
stuck.  Will do.  This is only for FC3 and beyond, right?

Comment 5 Tom Lane 2004-10-04 21:06:14 EDT

In hopes of not breaking the initscript for non-SELinux systems,
I am thinking of

if [ -x /bin/runuser ]
then
    SU=runuser
else
    SU=su
fi

then

$SU -l postgres ...

Do you have any objection to doing it that way?

Comment 6 Daniel Walsh 2004-10-05 09:14:08 EDT

runuser is not specific to SELinux.  It is part of coreutils.  You can
do this if you think your app will be installed on a version of
coreutils that does not include runuser.  Runuser is going to be
installed on /sbin/runuser also.

This is for FC3/RHEL4 and beyond.

Dan

Comment 7 Tom Lane 2004-10-05 15:37:47 EDT

Done in 7.4.5-3.

Note You need to log in before you can comment on or make changes to this bug.