Hello Bastien, On 1/27/21 4:48 PM, roucaries.bast...@gmail.com wrote: > From: Bastien Roucariès <ro...@debian.org> > > Clearly document that su by default does not change this variables.
I'm dubious about this. The place that this should be (and is) properly documented is the manual page for su(1). Why repeat it here? Thanks, Miuchael > Signed-off-by: Bastien Roucariès <ro...@debian.org> > --- > man7/environ.7 | 41 +++++++++++++++++++++++++++++++++++++---- > 1 file changed, 37 insertions(+), 4 deletions(-) > > diff --git a/man7/environ.7 b/man7/environ.7 > index ec886d83d..8fc26bb92 100644 > --- a/man7/environ.7 > +++ b/man7/environ.7 > @@ -65,15 +65,15 @@ Common examples are: > .TP > .B USER > The name of the logged-in user (used by some BSD-derived programs). > +Set at login time, see section NOTES below. > .TP > .B LOGNAME > The name of the logged-in user (used by some System-V derived programs). > +Set at login time, see section NOTES below. > .TP > .B HOME > -A user's login directory, set by > -.BR login (1) > -from the password file > -.BR passwd (5). > +A user's login directory. > +Set at login time, see section NOTES below. > .TP > .B LANG > The name of a locale to use for locale categories when not overridden > @@ -114,6 +114,7 @@ Set by some shells. > .TP > .B SHELL > The absolute pathname of the user's login shell. > +Set at login time, see section NOTES below. > .TP > .B TERM > The terminal type for which output is to be prepared. > @@ -260,6 +261,37 @@ The > and > .B PR_SET_MM_ENV_END > operations can be used to control the location of the process's environment. > +.PP > +The > +.B HOME, > +.B LOGNAME, > +.B SHELL > +and > +.B USER > +variables are set from a user database (such as the > +.B password (5) > +database) only when when a user is changed using the > +session management interface, for instance by the > +.B login(1) > +program. > +In particular, the > +.B setuid (2) > +family of functions does not set these variables. > +Note that as documented in > +.B su (1), > +getting a root shell with just the command > +.I su > +results in a mixed environment where > +.B LOGNAME > +and > +.B USER > +are retained from the old user. Using > +.I su -p > +preserves all the variables from the existing shell, and > +.I su - > +or > +.I su -l > +is the recommended way of getting a full root environment. > .SH BUGS > Clearly there is a security risk here. > Many a system command has been > @@ -306,6 +338,7 @@ should consider renaming their option to > .BR mktemp (1), > .BR printenv (1), > .BR sh (1), > +.BR su (1), > .BR tcsh (1), > .BR execve (2), > .BR clearenv (3), > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
