Subject: bin/17340: the meaning of the "-c" option to /usr/bin/su is overloaded
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 06/20/2002 16:48:50
>Synopsis: the meaning of the "-c" option to /usr/bin/su is overloaded
>Arrival-Date: Thu Jun 20 16:49:01 PDT 2002
>Originator: Paul Shupak
>Release: NetBSD 1.6B - today
System: NetBSD fsrv 1.6B NetBSD 1.6B (FSRV) #117: Tue Jun 18 00:22:44 PDT 2002 root@fsrv:/usr/src/sys/arch/i386/compile/FSRV i386
The command 'su -c "random command"' no longer functions,
though 'su root -c "random command"' does act as before.
A likely mistake was the use of the "-c" argument to reflect
changes in login class along with its traditional usage as the
prefix specifier to the command to be executed..
Quoting the man page:
-c Specify a login class. You may only override the default class
if you're already root.
AND ALSO FURTHER DOWN - same current man page:
To execute arbitrary command with privileges of user username, execute:
su username -c "command args"
NOTE the conflict with the statement (also in the current man page):
su requests the Kerberos password for login (or for ``login.root'', if no
login is provided)
In other words, if the use actually intends to use the "default root"
properties of "su", the "-c" option fails miserably.
Try something like 'su -c "make install"' and watch the error
message "su: Only root may use -c" appear: Unfortunately this
has been my habit for at least 18 years, and it usage as such
almost certainly predates even that.
I would propose that probably a different argument should be
used for changing the login class; I would propose "-C" ( i.e.
capital 'C' instead of a reuse of lowercase 'c' ).
Usable example code below.
*** su.c Tue Jun 11 15:42:10 2002
--- /tmp/su.c Thu Jun 20 16:44:47 2002
*** 147,153 ****
! case 'c':
class = optarg;
--- 147,153 ----
! case 'C':
class = optarg;