On Wed, Aug 22, 2018 at 04:24:38PM +1000, [email protected] wrote:
>
> I notice when I login to root with “su” the $PATH doesn’t contain any sbin
> folders, only bin. If I login to root with “su -“ then the $PATH is as
> expected.
Perhaps this extract from util-linux NEWS is relevant:-
-----------------------------------------------------------------
The util-linux implementation of /bin/su is now used, replacing the
one previously supplied by src:shadow (shipped in login package), and
bringing Debian in line with other modern distributions. The two
implementations are very similar but have some minor differences (and
there might be more that was not yet noticed ofcourse), e.g.
- new 'su' (with no args, i.e. when preserving the environment) also
preserves PATH and IFS, while old su would always reset PATH and IFS
even in 'preserve environment' mode.
- new 'su -' (creating new environment) will do just that, while old
su would always preserve content of DISPLAY and XAUTHORITY
environment variables. Set them as needed (but beware X doesn't give
you any real privileges separation anyway if you can access an X
server of another user). See pam_xauth(8) if you want to reconfigure
pam for seamless xauth keys.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
separately in /etc/pam.d/su-l. This file additionally invokes
'pam_keyinit' to revoke the session keyring.
The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
strongly recommended to always get a newly set up environment similar
to a normal login. If you want to restore behaviour more similar to
the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.
-- Andreas Henriksson <[email protected]> Fri, 03 Aug 2018 10:52:22 +0200
------------------------------------------------------------------
ael
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
