diff options
author | schmonz-web-ikiwiki@025fa2638101a6a9c91816b42707c4dc6ea8ff53 <schmonz-web-ikiwiki@web> | 2018-03-21 14:02:25 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2018-03-21 14:02:25 -0400 |
commit | ff2a4792a540ce6cb13ae0f5519390f25c0388b7 (patch) | |
tree | 4ec75bba16468d66cc7650d11c63db5e7faa4472 /doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn | |
parent | eef51ab593845f232ec5cc120e3fe0eccc4741ed (diff) | |
download | ikiwiki-ff2a4792a540ce6cb13ae0f5519390f25c0388b7.tar ikiwiki-ff2a4792a540ce6cb13ae0f5519390f25c0388b7.tar.gz |
Report portability bug, partway to a fix
Diffstat (limited to 'doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn')
-rw-r--r-- | doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn new file mode 100644 index 000000000..2cc7ae957 --- /dev/null +++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn @@ -0,0 +1,23 @@ +As best as I can recall, running ikiwiki-mass-rebuild as root has never worked for me on NetBSD or Mac OS X. On both platforms, it gives me a shell as each user in the system wikilist. This is due to non-portable arguments to su(1). + +The following patch works much better on the aforementioned platforms, as well as CentOS 6: + +``` +diff --git ikiwiki-mass-rebuild ikiwiki-mass-rebuild +index ce4e084e8..2ff33b493 100755 +--- ikiwiki-mass-rebuild ++++ ikiwiki-mass-rebuild +@@ -32,7 +32,7 @@ sub processuser { + my $user=shift; + return if $user=~/^-/ || $users{$user}; + $users{$user}=1; +- my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV"); ++ my $ret=system("su", "-m", $user, "-c", "/bin/sh -c -- '$0 --nonglobal @ARGV'"); + if ($ret != 0) { + print STDERR "warning: processing for $user failed with code $ret\n"; + } +``` + +The `-m` may be overzealous. I have some sites running as users with `/sbin/nologin` for a shell, and this allows running a command as those users, though without some typical environment variables. This is probably wrong. Maybe I should be doing something else to limit shell access for those users, and the su arg should instead be `-`. + +--[[schmonz]] |