Bug 256728 - rc.subr: ${name}_user uses "su -m" that invokes root shell instead of /bin/sh
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: Unspecified
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-rc (Nobody)
Reported: 2021-06-20 10:02 UTC by Eugene Grosbein
Modified: 2021-06-20 14:28 UTC

Description Eugene Grosbein freebsd_committer 2021-06-20 10:02:32 UTC
The port net/p2p/transmission-daemon is an example of a service that utilizes the <name>_user rc.conf setting. Also, it supports writing debugging logs to a pre-opened (redirected to a file) STDERR by means of the environment variable TR_DEBUG_FD=2, but our framework uses "su -m" for such services, executing the root shell, which defaults to stock csh (contrib/tcsh), which closes its file descriptor 2 at start.

Note there is some kind of work-around: if we do not use login classes and/or limits for the service, we can add to /etc/rc.conf:

transmission_chroot="/"

So "chroot -u transmission /" is used to substitute the user instead of "su -m", and chroot(8) is documented not to use the root shell but SHELL=/bin/sh. And /bin/sh keeps the redirected STDERR open in such a case.
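
A probe for the behaviour reported above, added here as an example and not part of the original report or of rc.subr: it checks whether a launcher hands an already-redirected fd 2 through to the command it starts. The names fd2_survives and closing_launcher are hypothetical, and closing_launcher is a constructed stand-in for a shell that closes fd 2 at startup.

```shell
#!/bin/sh
# Added example: does a launcher pass a pre-redirected stderr (fd 2)
# through to the command it runs? Hypothetical helper names throughout.

# Usage: fd2_survives LAUNCHER [ARG...]
# LAUNCHER must accept one further argument: a command string to run.
# Returns 0 if the probe's write to fd 2 reached the redirected file,
# 1 if it was lost, 2 if the temporary file could not be created.
fd2_survives() {
    _log=$(mktemp) || return 2
    _marker="fd2-probe-$$"
    # The probe does what a daemon told to log to fd 2 does: it writes
    # to the descriptor it inherited, without reopening anything.
    "$@" "echo $_marker >&2" 2>"$_log" </dev/null >/dev/null || true
    if grep -q "$_marker" "$_log"; then _rc=0; else _rc=1; fi
    rm -f "$_log"
    return "$_rc"
}

# Constructed stand-in for a shell that closes fd 2 when it starts.
closing_launcher() {
    /bin/sh -c "exec 2>&-; $1"
}

# Portable demonstration: plain /bin/sh versus the fd-closing stand-in.
for _case in "/bin/sh -c" "closing_launcher"; do
    if fd2_survives $_case; then
        echo "$_case: fd 2 preserved"
    else
        echo "$_case: fd 2 lost"
    fi
done

# On the affected host, as root, the two launchers named in the report
# can be compared the same way (assumes the transmission user exists):
#   fd2_survives su -m transmission -c
#   fd2_survives chroot -u transmission / /bin/sh -c
```
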