[Pkg-shadow-devel] Bug#434485: su: environment setting when doing su
Jean-Christophe Dubacq
jcdubacq1 at free.fr
Tue Jul 24 07:12:30 UTC 2007
Package: login
Version: 1:4.0.18.1-11
Severity: normal
Hello,
Several remarks that are part of the same problem regarding su, pam and
environment setting.
1) If /etc/default/locale is set (or anything in /etc/environment), its
content is read when doing su (no args). I understand that it is read
when doing su -l, and not read when doing su -p. The behaviour when
doing simple su is best described (to my knowledge, which may be wrong)
by the man page:
The current environment is passed to the new shell. The value of $PATH
is reset to /bin:/usr/bin for normal users, or
/sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
Thus, I expect su to act closer to su -p than su -l.
One of the reasons I would prefer this is that terminal charmap is
transported with the LC_CTYPE (or LANG) variable.
2) ENV_SUPATH on a basic etch install is:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
Probably /usr/bin/X11 should be removed from this list.
Solving the problem for 2 is easy. Solving it for 1 may require
to make two different pam.d/su files: one for use in su -l and one for
use in su. The line reading /etc/default/locale would be removed.
Another solution is to patch pam_env.so so that (reading an argument on
the pam line) no variables could be clobbered if they are already set. I
already wrote this patch some time ago and can provide it if it is of
any interest.
The line would become (in /etc/pam.d/su):
session required pam_env.so readenv=1 noclobber=1 envfile=/etc/default/locale
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages login depends on:
ii libc6 2.5-11 GNU C Library: Shared libraries
ii libpam-modules 0.79-4.1 Pluggable Authentication Modules f
ii libpam-runtime 0.79-4.1 Runtime support for the PAM librar
ii libpam0g 0.79-4.1 Pluggable Authentication Modules l
login recommends no packages.
-- no debconf information
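
Added example, not part of the original report and not pam_env source code: a small Python model of the merge the report asks for, showing how an envfile is applied with and without the proposed noclobber option. The function names, the simplified KEY=VALUE parser and the sample data are assumptions made for illustration.

```python
# Added illustration: models the "noclobber" behaviour proposed in the report.
# Not pam_env code; the parser is a simplified assumption of the KEY=VALUE
# envfile format (comments, optional "export" prefix, quoted values).

def parse_envfile(text):
    """Return a dict of KEY -> VALUE from envfile-style text."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key:
            continue  # not an assignment; skip it
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop one pair of matching quotes
        result[key] = value
    return result


def apply_envfile(current_env, envfile_text, noclobber=False):
    """Merge envfile variables into a copy of current_env.

    noclobber=False: file values overwrite the caller's values.
    noclobber=True: variables the caller already set are kept.
    Returns (new_env, skipped); skipped lists the keys left untouched.
    """
    new_env = dict(current_env)
    skipped = []
    for key, value in parse_envfile(envfile_text).items():
        if noclobber and key in new_env:
            skipped.append(key)
            continue
        new_env[key] = value
    return new_env, skipped


# Constructed sample data, loosely following the reporter's fr_FR.UTF-8 setup.
SAMPLE_LOCALE_FILE = '# constructed file\nLANG="en_US.ISO-8859-1"\nLC_MESSAGES=C\n'
SAMPLE_CALLER_ENV = {"LANG": "fr_FR.UTF-8", "LC_CTYPE": "fr_FR.UTF-8", "TERM": "xterm"}

if __name__ == "__main__":
    for flag in (False, True):
        env, skipped = apply_envfile(SAMPLE_CALLER_ENV, SAMPLE_LOCALE_FILE, noclobber=flag)
        print(f"noclobber={flag}: LANG={env['LANG']} skipped={skipped}")
```

With noclobber enabled the caller's value wins over the administrator's file, so the option moves trust for those variables from /etc/default/locale to the invoking user's environment.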