Subject: Re: su additions
To: Christos Zoulas <christos@zoulas.com>
From: Tom Spindler <dogcow@babymeat.com>
List: tech-userlevel
Date: 10/18/2007 00:34:54
> This is useful for executing commands from cron or whatever, and
> controlling the group explicitly. The code is already committed,
> but disabled. I am thinking of enabling it, but I want to make sure
> first that people don't object to it, and that it does not introduce
> any security issues.
Sounds good to me; the only case I'd worry about is non-root su'ing to
another user and specifying a group neither the original user nor the
desired user is in (e.g `su - nobody:kmem`)