Hello Nan Xiao,

Nan Xiao wrote on Wed, Jun 12, 2019 at 02:19:08PM +0800:

> I read su manual (https://man.openbsd.org/su.1), but can't find words
> which said if no account is provided, root is the default.

The BUGS section says so indirectly, but i agree that is not sufficient.
A manual page ought to explain the behaviour of a utility explicitly
and in the DESCRIPTION section.  All the more so for aspects as important
as the one you are talking about.

> But for
> doas (https://man.openbsd.org/doas.1), it has the following words:
> 
>     -u user  Execute the command as user. The default is root.
> 
> I am not a nitpicker, just curious whether I miss something? Thanks!

In OpenBSD, we do not regard it as nitpicking when people point out
bugs in manual pages.  We regard bugs in manual pages just as much as
bugs as bugs in code.  We insist that manual pages have to be correct,
complete, and concise.

Consequently, your report is very much appreciated and i committed
the bugfix shown below.

Thank you,
  Ingo


P.S.
The reason this particular bug was able to survive for so long appears
to be that su(1) has been obsolete as a tool for getting a root shell
for a very long time.  For that purpose, it is less secure than sudo(1)
used to be, and even sudo(1) was swapped out of OpenBSD because
something simpler like doas(1) is even more secure unless you really
need the additional functionality.  And even then, if possible,
getting your task done in a simpler way that doas(1) can handle may
provide a security benefit.

Even though su(1) can still be used today to relinquish privilege
when you are already root, no more development is done on it and people
rarely look at the manual page.  The last time new functionality was
added to the su(1) manual page was almost a decade ago, and the
last time before that 17 years ago.

Even though UNIX manual pages were always high quality documentation,
two decades ago, they weren't fully up to modern OpenBSD quality
standards yet.


CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]        2019/06/12 02:29:17

Modified files:
        usr.bin/su     : su.1 

Log message:
when "login" is not specified, "root" is used;
omission reported by Nan Xiao <xiaonan830818 at gmail dot com> on misc@


Index: su.1
===================================================================
RCS file: /cvs/src/usr.bin/su/su.1,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- su.1        30 Jul 2015 08:03:49 -0000      1.31
+++ su.1        12 Jun 2019 08:29:17 -0000      1.32
@@ -49,6 +49,11 @@
 .Nm
 utility allows a user to run a shell with the user and group ID of another user
 without having to log out and in as that other user.
+If the target
+.Ar login
+name is not specified,
+.Dq root
+is used.
 .Pp
 By default, the environment is unmodified with the exception of
 .Ev LOGNAME ,
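
Review bot: the new sentence after "without having to log out and in as that other user." calls the argument the "target login name", while the sentence before it speaks only of "another user", so the reader has to infer that both refer to the same thing. Consider the shorter "If no .Ar login is specified, .Dq root is used." so the default ties directly to the argument. Since the mail notes that the BUGS section already implies this default, it is also worth checking that the wording there stays consistent with the new explicit statement in DESCRIPTION.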
