On 22/06/17 05:24 AM, Dave Plater wrote:
On 18/06/2017 14:31, Anton Aylward wrote:
Running just "su" alone meremly changes your effective UID. By default, it is to root, but could to to another user. It does not alter HOME, SHELL, USER, LOGNAME, and PATH. That last one is important. A real root shell expects to have /sbin & /usr/sbin in the PATH AFAIK and this has how it has always been. If I use su, I've never used su -, my $HOME is /root and I have /sbin /usr/sbin added to my user's $PATH.
You seem to be contradicting yourself. First you agree with me, then you say the opposite. Perhaps you'd perform a test for me. 1. bring up your system again from boot but in text mode not GUI mode. 2. Log in as a regular user. 3. Run the 'env' command ad save it to a file. /tmp/f1.txt 4. Now do the same, in turn, each of "su" and and "su -", each at the user level prompt. Files F2.txt for the 'su" and F3.txt for the "su -" Do you get asked for the password for eah of "su" and "su -"? Now do side-by-side "sdiff" (see the man page on this, and you might consider using "diff3") on each combination of the files. Please try reconciling that with what you find when you read the man page for "su". Let me -- or rather the list - know what you observe and what you conclude. I'm particularly interested in the difference between f2.txt and f3.txt. In the interests of full disclosure, here's mine; the differ3ence between "su" on the left and "su -" on the right. https://paste.opensuse.org/87356798 As you can see, the "su" keeps a lot of the 'anton' environment. Of course alot of this is affected by the setting in /etc/pam.d for "su" and "su-l", as well as polkit, /etc/ttydefs, /etc/login.defs, possibly someting in sysconfig, and almost certainly (in my case) changes to /etc/group. it is also possible that TW is different, and that SLE has made LEAP change, but do check what you observe with the man page. If in fact the behaviour has changed, then the documentation needs changing. This is what the docco/man page says: First, it recommends: It is recommended to always use the --login option (instead of its shortcut -) to avoid side effects caused by mixing environments. Well OUCH! Don't take shortcuts :-) I'll have to note that! Then it explains: -, -l, --login Start the shell as a login shell with an environment similar to a real login: o clears all the environment variables except TERM o initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH o changes to the target user's home directory o sets argv[0] of the shell to '-' in order to make the shell a login shell Please note that: initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH This is what I've been trying to emphasise What you can do with "su" can be buqquered around with by config that you don't see. What happens with "su --login" is clear and definitive. Sidebar: what happens with sudo can be quite arbitrary, but at least you can see it there if you know how to parse the sudo config file, which is the single soruce point. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org