running as another user?

Paul Fox pgf at brightstareng.com
Fri Jan 20 02:26:27 UTC 2006 

 > > the -c option for su and sh is certainly traditional.  it lets
 > > you pass a full shell command, including full syntax:
 > > redirections, semi-colons, etc, to the shell:
 > >     su -c pgf "date | mail -s foo someone; echo mail sent >/tmp/junk"
 > > very useful in places like crontab.
 > 
 > Ah, I see where the confusion is.
 > 
 > "su landley ps ax" works fine, but if you do "su landley ls -l" it'll barf 
 > because su is trying to interpret the -l as an option to su.  (If xargs did 
 > that we'd have the developers' head on a platter.  There is a correct way to 
 > do this.  It's not brain surgery.  If it's after the username, it's not an 
 > option to su.  This is why getopt(3) has the option to put "+" as the first 
 > character of the string, guys...)

oh.  i see.  i confess i've been continually surprised by commands (like
mount) which allow options interspersed with string (usually filename)
args.  thanks for pointing out how to suppress it.  i guess i'm old
fashioned enough to think that that should still be the default.

 > 
 > > maybe i'm missing something, and this is possible without -c, but
 > > i don't think so.
 > 
 > try:
 >   su username ps ax
 > 
 > Or, to show that -c is pointless:
 >   su root /bin/sh \-c "ls -l"
 > 
 > Unfortunately, you need the - to prevent getopt from parsing -c as an option 
 > to su.  (Maybe this is an ubuntu bug?)

okay.  it turns out i don't understand su as well as i thought,
but i think i understand better now.  in a traditional version of
su (and i just checked a very old pre-SystemV AT&T manual) the -c
shouldn't ever be interpreted by su.  a correctly operating su
should pass all of its args to the shell.  so this:
    su root ps ax
becomes this (after the id switch):
    /bin/sh ps ax
which is where the "cannot execute binary file" comes from.
to get around that error, you need to use:
    su root -c ps ax
which becomes:
    /bin/sh -c ps ax
note that the "-c" you added is an option to the shell, not to su.

but if i look at "man su" on ubuntu (which matches behavior with
what's in debian etch, though i don't have a man page there), i
see this text:
    Any arguments supplied after the username will be
    concatenated in a single command and passed to the invoked
    shell with the -c option of that shell.  If you want to
    provide separated arguments to the shell, you can supply exec
    <shell> <arguments> as the command.

so in these newer su commands, su adds the "-c" for you.  and,
from experiment, it looks like it only passes one -c option, not
two, as you might expect from the man page.

what a mess.  i guess the newer behavior is better, sort of.

paul
=---------------------
 paul fox, pgf at brightstareng.com

More information about the busybox mailing list