sudo /bin/su nobody

Steve Beaty beaty at emess.mscd.edu
Tue Sep 24 11:59:16 EDT 2002


Todd and all,

> Why not do "sudo -u nobody ls" and avoid su entirely?  For what
> it's worth, the BSD su has a "-m" flag for just this situation.

	excellent question, based on my bad example :-)  i really don't
	necessarily know what command i want to execute, today it looks
	like:

---------------------------------------------------------------------------
sudo /bin/su nobody -c \
	"/usr/java/j2sdk1.4.0_01/bin/java -cp /tmp/$PPID Main $args" < \
	$input 2>&1 | \
	awk '{ gsub (/&/, "\\&"); gsub (/</, "\\<"); gsub (/>/, "\\>"); print; }'
---------------------------------------------------------------------------

	tomorrow it may well look different.  i'm trying to run a program
	with less-than-usual privileges from a web cgi script.  i need to
	have typical user permissions to save a file, which i get via
	suexec or cgi-wrap, but i want to run that file with the reduced
	privileges.

	make sense?  many thanks,

-- 
Dr. Steve Beaty (B80)                                 Associate Professor
Metro State College of Denver                        beaty at emess.mscd.edu
VOX: (303) 556-5321                                 Science Building 134C
FAX: (303) 556-5381                         http://clem.mscd.edu/~beatys/



More information about the sudo-users mailing list