On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote: > > Yeah, I misread your problem. Are you saying that you want to su to root, > > but still have some variables set as they were on the account you sued from? > > So you have a user named Michael, say, and you su to root, but when you ssh > > you want Michael's .ssh to be the effective one? > > Well sort of. When I su, $HOME is set to my homedir and $USER set to > mgrant. This is fine. However, ssh (when sued) doesn't read > $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging > into the remote machine as $USER, it tries to log in as root. It does > this because it's hardwired in the code more or less as follows (I've > extracted the relevant code from ssh.c): > > original_real_uid = getuid(); > pw = getpwuid(original_real_uid); > sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config"); > read_config_file(buf); > options.user = strdup(pw->pw_name); > > Like I said, it seems like a bug to me. Personally I would have done > a getenv("HOME") and getenv("USER") myself instead of depending on the > userid. Probably they had good reason for doing it the way they did > it.
Probably to do with the fact that both $HOME and $USER can be set by the user to any arbitrary value: [EMAIL PROTECTED]:~] --->$ echo $USER $HOME daniel /home/daniel [EMAIL PROTECTED]:~] --->$ USER=root [EMAIL PROTECTED]:~] --->$ HOME=/root [EMAIL PROTECTED]:/home/daniel] --->$ echo $USER $HOME root /root [EMAIL PROTECTED]:/home/daniel] --->$ cd [EMAIL PROTECTED]:~] --->$ pwd /root Not so good for security! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \
Description: PGP signature