author Joey Hess 2018-01-17 15:13:35 -0400
committer Joey Hess 2018-01-17 15:13:35 -0400
commit b3c795dc4784e64e2756d3736ce953a1e507f509
tree 068cdcdd5f8f2fca47382b62cf3ed86e2a9520e9 /src/Propellor/Property/Cmd.hs
parent 7e62d051b41abe9b780cfbb8d37fecf97dce8226
Run su with --login
To avoid inheriting some problematic environment variables, such as TMP, from the caller. The only potential breakage from this change would be if something used setEnv before one of the affected properties. Audited propellor's source for that, and nothing does. Anything that did could fail in a concurrent context anyway.
Diffstat (limited to 'src/Propellor/Property/Cmd.hs')
-rw-r--r-- src/Propellor/Property/Cmd.hs 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/Propellor/Property/Cmd.hs b/src/Propellor/Property/Cmd.hs
index f2de1a27..fbe112cc 100644
--- a/src/Propellor/Property/Cmd.hs
+++ b/src/Propellor/Property/Cmd.hs
@@ -94,6 +94,7 @@ scriptProperty script = cmdProperty "sh" ["-c", shellcmd]
-- | A property that can satisfied by running a script
-- as user (cd'd to their home directory).
userScriptProperty :: User -> Script -> UncheckedProperty UnixLike
-userScriptProperty (User user) script = cmdProperty "su" ["--shell", "/bin/sh", "-c", shellcmd, user]
+userScriptProperty (User user) script = cmdProperty "su"
+ ["--login", "--shell", "/bin/sh", "-c", shellcmd, user]
where
shellcmd = intercalate " ; " ("set -e" : "cd" : script)
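Review bot: The haddock comment above userScriptProperty still only says "as user (cd'd to their home directory)", but with "--login" on the new argument line the script now runs in a login shell with a fresh environment, and that contract should be documented there. Callers need to know two things: variables set in the propellor process are no longer passed through to the script, and /bin/sh will read /etc/profile and the user's ~/.profile before the "-c" command runs, outside the scope of the "set -e" in shellcmd, so profile contents can affect the script's environment and output. Suggest extending the comment to say "run in a login shell with the user's own environment; the caller's environment is not inherited". Minor: su --login already changes to the user's home directory, so the "cd" element in shellcmd is now redundant, though harmless to keep.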