Re: [Jack-Devel] su, limits, PAM and JACK

Prev	Next Index
Date	Wed, 23 May 2012 00:19:24 +0000
From	Jamie Heilman <[hidden] at audible dot transient dot net>
To	Jeremy Henty <[hidden] at starurchin dot org>
Cc	[hidden] at lists dot jackaudio dot org
In-Reply-To	Jeremy Henty Re: [Jack-Devel] su, limits, PAM and JACK
Follow-Up	Jeremy Henty Re: [Jack-Devel] su, limits, PAM and JACK

Jeremy Henty wrote:
> Jamie Heilman wrote:
> 
> > Chances are your PAM stack isn't configured to use pam_limits.so for
> > su sessions,  which means  using su won't  pay any attention  to the
> > setttings in  limits.conf until  it is.  That  said, don't  do that.
> > Using su programatically to switch  users is a bad idea becuase su's
> > behavior is notoriously unportable anyway.
> 
> So,  is there any  good way  to programatically  switch users?   I ask
> because I  have been  trying to  do that with  su and  I hit  the same
> problem as the OP.

Depends on the context you're doing it in.  Generally, the best
approach is to use the system library hooks for whatever language
you're programming in to do it.  When it comes to bourne shell (which
doesn't have any native hooks to setgid/setuid), personally, I'm a big
fan of the supervision utilities written by djb
(http://cr.yp.to/daemontools.html) and by extension runit
(http://smarden.org/runit/) which is more or less a clone of
daemontools but more commonly found packaged in distros; both of these
include great tools for switching uid/gid from within bourne shell,
but I wouldn't use them outside of scripting daemon startup/shutdown.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

Prev	Next Index

1337732378.577_0.ltw:2, <20120523001924.GB18937 at cucamonga dot audible dot transient dot net>