ENV variables not set correctly after su command

Kernels & Hardware, configuring network, installing services

ENV variables not set correctly after su command

Postby giaur » 2018-07-30 05:57

Since recent update, please see:

Code: Select all
michal@debian:~$ su
Password:
root@debian:/home/michal# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

There is no[ b] /usr/sbin[/b] in path. However:

Code: Select all
michal@debian:~$ su -
Password:
root@debian:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


Also, please see:

Code: Select all
michal@debian:~$ su
Password:
root@debian:/home/michal# env | grep USER
USER=michal


But with '-' all is fine:

Code: Select all
michal@debian:~$ su -
Password:
root@debian:~# env | grep USER
USER=root


It seems I need to login with "-" to get env variables set correctly. This is introduced recently. Is it intended of bug? How to revert this to old behaviour (to be able to su without '-')?
giaur
 
Posts: 65
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

Postby Head_on_a_Stick » 2018-07-30 08:53

giaur wrote:This is introduced recently.

Nope, I've been using GNU/Linux since October 2013 and that has always been the case for su(1) and is explained clearly in the man page.
dbruce wrote:Ubuntu forums try to be like a coffee shop in Seattle. Debian forums strive for the charm and ambience of a skinhead bar in Bacau. We intend to keep it that way.
User avatar
Head_on_a_Stick
 
Posts: 8321
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: ENV variables not set correctly after su command

Postby giaur » 2018-07-30 11:06

You are wrong, they (Debian) have changed it recently. Look at older man (my debian not upgraded yet):

The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.


Now:

For backward compatibility, su defaults to not change the current directory and to only set the environment variables HOME and SHELL (plus USER and LOGNAME if the target user is not root).


PATH is not reseted anymore when you do "su" without "-". This made me confused, because I used to use su without "-" and it suddenly stopped working as intended.
giaur
 
Posts: 65
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

Postby None1975 » 2018-07-30 13:11

This from Debian Security Advisory DSA-4257-1
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the
bypass of the 'user_allow_other' restriction when SELinux is active
(including in permissive mode). A local user can take advantage of this
flaw in the fusermount utility to bypass the system configuration and
mount a FUSE filesystem with the 'allow_other' mount option.

For the stable distribution (stretch), this problem has been fixed in
version 2.9.7-1+deb9u1.

Also, check this.
User avatar
None1975
 
Posts: 701
Joined: 2015-11-29 18:23
Location: Lithuania, Vilnius

Re: ENV variables not set correctly after su command

Postby giaur » 2018-07-30 13:32

I can't see how your answer is related to my question
giaur
 
Posts: 65
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

Postby cronoik » 2018-07-30 16:46

giaur wrote:Since recent update, please see...

Which version of debian are you using? I can not confim such a behavior for stretch.
Have a nice day!
cronoik
 
Posts: 288
Joined: 2015-05-20 21:17

Re: ENV variables not set correctly after su command

Postby giaur » 2018-07-31 04:37

SID. I'm pretty sure new behaviour was intruducend not earlier than month ago
giaur
 
Posts: 65
Joined: 2013-03-08 07:03


Re: ENV variables not set correctly after su command

Postby sunrat » 2018-07-31 14:07

The util-linux bug appears to have been fixed in today's full-upgrade.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 2495
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: ENV variables not set correctly after su command

Postby giaur » 2018-08-06 11:30

Which bug? As I can see, behaviour is the same, but I also got clear mesaage, describing changes. So it's not a bug actually, it's intended.
giaur
 
Posts: 65
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

Postby 4D696B65 » 2018-08-06 12:24

Turns out to be a feature

util-linux (2.32-0.4) unstable; urgency=medium

The util-linux implementation of /bin/su is now used, replacing the
one previously supplied by src:shadow (shipped in login package), and
bringing Debian in line with other modern distributions. The two
implementations are very similar but have some minor differences (and
there might be more that was not yet noticed ofcourse), e.g.

- new 'su' (with no args, i.e. when preserving the environment) also
preserves PATH and IFS, while old su would always reset PATH and IFS
even in 'preserve environment' mode.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
separately in /etc/pam.d/su-l

The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
strongly recommended to always get a newly set up environment similar
to a normal login. If you want to restore behaviour more similar to
the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.
User avatar
4D696B65
 
Posts: 2219
Joined: 2009-06-28 06:09


Return to System configuration

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable