From ff2a4792a540ce6cb13ae0f5519390f25c0388b7 Mon Sep 17 00:00:00 2001 From: "schmonz-web-ikiwiki@025fa2638101a6a9c91816b42707c4dc6ea8ff53" Date: Wed, 21 Mar 2018 14:02:25 -0400 Subject: [PATCH] Report portability bug, partway to a fix --- ...ld_has_probably_never_worked_portably.mdwn | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn new file mode 100644 index 000000000..2cc7ae957 --- /dev/null +++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn @@ -0,0 +1,23 @@ +As best as I can recall, running ikiwiki-mass-rebuild as root has never worked for me on NetBSD or Mac OS X. On both platforms, it gives me a shell as each user in the system wikilist. This is due to non-portable arguments to su(1). + +The following patch works much better on the aforementioned platforms, as well as CentOS 6: + +``` +diff --git ikiwiki-mass-rebuild ikiwiki-mass-rebuild +index ce4e084e8..2ff33b493 100755 +--- ikiwiki-mass-rebuild ++++ ikiwiki-mass-rebuild +@@ -32,7 +32,7 @@ sub processuser { + my $user=shift; + return if $user=~/^-/ || $users{$user}; + $users{$user}=1; +- my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV"); ++ my $ret=system("su", "-m", $user, "-c", "/bin/sh -c -- '$0 --nonglobal @ARGV'"); + if ($ret != 0) { + print STDERR "warning: processing for $user failed with code $ret\n"; + } +``` + +The `-m` may be overzealous. I have some sites running as users with `/sbin/nologin` for a shell, and this allows running a command as those users, though without some typical environment variables. This is probably wrong. Maybe I should be doing something else to limit shell access for those users, and the su arg should instead be `-`. + +--[[schmonz]] -- 2.39.5