Mailinglist Archive: yast-devel (73 mails)

< Previous Next >
Re: [yast-devel] Moving stuff from /sbin /bin /lib /lib64 to /usr/*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Johannes,

Am 09.07.2014 16:31, schrieb Johannes Meixner:

Hello,

On Jul 9 11:56 Thomas Biege wrote (excerpt):
Am 08.07.2014 12:35, schrieb Johannes Meixner:
...
I would appreciate an authoritative "recommended default
way" how to set up a reasonably clean environment before
calling programs as root.

Is perhaps calling "su - root" a reasonable way?

I am not sure what exactly you want to solve by calling "su -
root". I think I just miss the context.

I think the final goal is to "do something appropriate" in YaST
before it calls external programs to avoid "unexpected issues".

ah, I got it now.

I would not use "su" but explicitly set the PATH as you mentioned
below because you will not rely on "su" then, reduce the process
overhead, and have a defined state of the environ**.

HTH
Thomas


I am afraid, but I cannot describe it in more exact words.

I think what might be basically wanted is to run external programs
by YaST in the same way as if the user root would have called them
manually.

Because "man su" reads
------------------------------------------------------------------------


- -, -l, --login
Starts the shell as a login shell with an environment similar to a
real login: o clears all the environment variables except TERM o
initializes the environment variables HOME, SHELL, USER, LOGNAME,
and PATH o changes to the target user's home directory o sets
argv[0] of the shell to '-' in order to make the shell a login
shell
------------------------------------------------------------------------


I asked if perhaps calling "su - root" in YaST before it calls
other external programs is a reasonable way to run them in the same
way as if the user root would have called them manually.

On the other hand I don't know if it is really wise to run external
programs by YaST in the same way as if the user root would have
called them manually because the user root in an arbitrary real
system "out there" may have whatever unexpected settings like
strange PATH or strange locale or whatever else.

Therefore it is perhaps better to explicitly set PATH, locale, and
whatever else to sane values as I attempt it currently via
---------------------------------------------------------------------


# Make sure to have a clean environment:
export PATH="/sbin:/usr/sbin:/usr/bin:/bin" export LC_ALL="POSIX"
export LANG="POSIX" umask 022
---------------------------------------------------------------------



Kind Regards Johannes Meixner


- --
Thomas Biege <thomas@xxxxxxx>, Team Leader MaintenanceSecurity, CSSLP
SUSE LINUX Products GmbH
GF: Jeff Hawn, Jennifer Guild, Felix Imend├Ârffer
HRB 21284 (AG N├╝rnberg)
- --
Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
-- Marie von Ebner-Eschenbach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTvlu/AAoJEJqHoVJVjr8D+LUH/2IA0LeH87cGPdzgEUiFpsGr
MVjV8BqEhx/B/74rXi7hg6iAWk20/PLevc/ktTuhPAAtiTbd86kxNZhwuGS9akvU
mircecHyWGsl7VbKcEdeAcy6hXKTCJ849FHy6TLSkgKGBPhcyqv+nTKjnUCXYIME
jlpufOJNtAIEprj2cNf7HxiOiUM/A22hdoQ/HUHN2mduD3hPRI+hnVLuJPTWhnzP
G1ZGZHu36JFAaVqFh6j8xMg+x0HIO+GN+kVwphxTtQVZ+5U4MC1515yHJIlg9BQp
T4l2iubE/NXCFluA9cLfQeRSKKTyEUwTWVNnLqHVGG8+DxfclPod6XLlCGMRsGw=
=yJvO
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: yast-devel+owner@xxxxxxxxxxxx

< Previous Next >