updatedb uses su to drop privileges to nobody; this unfortunately creates useless log entries. If updatedb were patched to use start-stop-daemon --chuid instead of su, these log entries would be eliminated. (This is also a very FAQ on -user and -security: `what is this SU ??? root-nobody, have I been hacked!' ...)
I don't want to branch findutils with a separate version for Debian. I'm willing to consider other alternatives. start-stop-daemon is far from universally available on Unix systems. The command name is misleading, since a daemon is not being run. Perhaps a large part of the problem is the format of the su logging message. The message "root-nobody" could be root changing to nobody or nobody changing to root. The latter interpretation should be a concern. The former interpretation should not be a concern. A clearer log message would make it obvious that there isn't a reason for concern. If the log messages for su are useless, then why are the log messages being made? We can discuss this for a while and try to determine an alternative. Otherwise, I will close the bug. Ethan Benson <erbenson@alaska.net> writes:
The log messages are useful for real use of su by actual people, but for a cron job it's pointless. A very small C program which does setgid(), initgroups(), and setuid(), but no logging and with no setuid bit. updatedb could call that instead.
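The kind of small helper Ethan describes, written out as an added example for this page (it is not code from findutils, Debian, or any participant in the thread, and the program name `runas` is hypothetical). Root's cron job would invoke it as `runas nobody /usr/bin/find ...`; because it never goes through PAM or su, nothing is written to the auth log. The points a practitioner should check are visible in the code: supplementary groups and the primary gid are set first, while the process is still root, because setuid() gives up the right to change them afterwards; every call is error-checked; and the program verifies that root cannot be regained before it execs anything.

```c
/* runas.c: drop root to an unprivileged user and exec a command,
 * without su's PAM session or syslog entry.
 * Added example for this thread; not part of findutils or Debian.
 * Usage (as root, from cron): runas nobody /usr/bin/find / -print
 * Must NOT be installed setuid: it only makes sense when the caller
 * already is root and wants to become less.
 */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Switch to the given user. Returns 0 on success, -1 on any failure.
 * Order matters: initgroups()/setgid() need root (CAP_SETGID), so they
 * come before setuid(), which is the point of no return. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "runas: unknown user %s\n", user);
        return -1;
    }

    /* setgroups() needs CAP_SETGID; only attempt it while still root. */
    if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) != 0) {
        perror("runas: initgroups");
        return -1;
    }
    if (setgid(pw->pw_gid) != 0) {
        perror("runas: setgid");
        return -1;
    }
    if (setuid(pw->pw_uid) != 0) {
        perror("runas: setuid");
        return -1;
    }

    /* Paranoia: as root, setuid() sets real, effective and saved uid,
     * so regaining root must now fail. If it succeeds, refuse to run. */
    if (pw->pw_uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        fprintf(stderr, "runas: privilege drop did not stick\n");
        return -1;
    }
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
        fprintf(stderr, "runas: unexpected uid/gid after drop\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s USER COMMAND [ARGS...]\n", argv[0]);
        return 2;
    }
    if (drop_privileges(argv[1]) != 0)
        return 1;

    /* Only exec once we are certain root is gone. */
    execvp(argv[2], &argv[2]);
    perror("runas: execvp");
    return 127;
}
```

Two caveats worth knowing before using something like this in place of su: the environment is passed through unchanged (su would reset it), so a cron job should pass a deliberately minimal one; and without PAM, resource limits and similar session settings from /etc/security are not applied, which is fine for updatedb but not a general su replacement.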
Ethan Benson <erbenson@alaska.net> writes: But then that program would have to be included with the distribution of findutils, and it doesn't seem to belong there. If updatedb were a C program, it would be easier to solve this problem, but I'm not likely to rewrite updatedb in the near future. There might be a way of modifying find so that it determines whether the files and directories should be readable, but I'm afraid that this might duplicate kernel code and be an inaccurate representation of accessibility. Does su really need to log when root changes to another id? Are you requesting that the other cron jobs which change id be modified to avoid the use of su? I see man, mail, and postgres being logged by PAM_unix, though only man is logged by su. I do think that the su log messages are somewhat obscure.
Ethan Benson <erbenson@alaska.net> wrote: Surely the problem is that PAM su creates useless log entries when root switches to a non-root user.
On Fri, 22 Jun 2001 01:22:36 -0800 Ethan Benson <erbenson@alaska.net> wrote:

> updatedb uses su to drop privileges to nobody; this unfortunately
> creates useless log entries. If updatedb were patched to use
> start-stop-daemon --chuid instead of su, these log entries would be
> eliminated.
>
> (This is also a very FAQ on -user and -security: `what is this SU ???
> root-nobody, have I been hacked!' ...)

One other solution could be the runuser command, which is available in Debian since util-linux 2.24.2-1.

Cheers,
Laurent Bigonville