2

Using runuser from util-linux (a different entry point for su, which only operates if starting from root), one sees a process tree that looks something like the following:

[root] runuser -u username sometool
  \- [username] sometool

What's the purpose of keeping this parent process around, rather than simply dropping privileges and execing the target?

3 Answers

3

As you see in the manpage:

--session-command=command Same as -c, but do not create a new session (discouraged).

So the default invocation requires creating a new process, because a new session needs a new PID.

Additionally the return code depends on exit status, or on the signal that killed the process. This last point also requires a process monitoring the status of the child process.

I think this is by design. Unlike su, IMO, runuser is made to be used in scripts (so it never asks for a password, handles error status better, and also separates signal handling (new session) from the caller).

1
  • ...so the only way to avoid a fork also requires going through a shell (as -c or --session-command do)? That strikes me as quite unfortunate. Commented Mar 11, 2016 at 22:03
2

What's the purpose of keeping this parent process around

I read through create_watching_parent in the su-common.c source code. It looks like the parent stays around so that it can do the following:

  • the parent calls cleanup_pam after the child exits
  • if the child exited because of a signal, the parent prints (to stderr) the disposition of the child similar to the way a shell would.
  • if the parent receives a SIGINT, SIGQUIT, or SIGTERM signal, the parent will catch the signal and kill the child with SIGTERM and then SIGKILL, then kill itself with the same signal it received. I guess it does this so that it's straightforward for the user to terminate the command in situations where the child has put itself into a different session or pgrp.
1

Complementing other answers, the command in util-linux that does not fork is setpriv:

# setpriv --reuid=django --regid=django --inh-caps=-all --reset-env --clear-groups ./run-server
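
An added illustration of the watching-parent pattern the answers above describe (not code from util-linux or from any of the posters): the child starts a new session and execs the tool, while the parent stays behind to forward a termination signal and report how the child ended. The 128+signal exit code is an assumed shell-style convention, only SIGTERM is forwarded, and the privilege drop and PAM cleanup are marked by comments rather than implemented.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t caught;          /* signal the parent received */
static void on_signal(int sig) { caught = sig; }

/* Added example, not util-linux code: fork, give the child its own session,
 * watch it, and return the exit code a shell would report for it. */
int run_watched(char *const argv[])
{
    struct sigaction sa, old;
    int status = 0;
    pid_t child;

    if ((child = fork()) < 0)
        return 1;
    if (child == 0) {
        setsid();                             /* new session: the reason for the fork */
        /* a real tool drops privileges here: setgroups(), setgid(), setuid() */
        execvp(argv[0], argv);
        _exit(127);                           /* exec failed */
    }
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_signal;                /* no SA_RESTART: waitpid sees EINTR */
    caught = 0;
    sigaction(SIGTERM, &sa, &old);
    while (waitpid(child, &status, 0) < 0 && errno == EINTR)
        if (caught)
            kill(child, SIGTERM);             /* child is outside our session */
    /* a real tool closes the PAM session here, after the child is gone */
    sigaction(SIGTERM, &old, NULL);
    if (caught)
        raise(caught);                        /* die of the signal we were sent */
    if (WIFSIGNALED(status)) {
        fprintf(stderr, "%s\n", strsignal(WTERMSIG(status)));
        return 128 + WTERMSIG(status);        /* shell convention (assumption) */
    }
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    return argc > 1 ? run_watched(argv + 1) : 2;
}
```

A tool that only needs to change credentials and exec, as setpriv does, has none of these duties and therefore no reason to leave a parent behind.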
