Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

ENV variables not set correctly after su command

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
giaur
Posts: 120
Joined: 2013-03-08 07:03

ENV variables not set correctly after su command

#1 Post by giaur »

Since recent update, please see:

Code: Select all

michal@debian:~$ su
Password: 
root@debian:/home/michal# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
There is no[ b] /usr/sbin[/b] in path. However:

Code: Select all

michal@debian:~$ su -
Password: 
root@debian:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Also, please see:

Code: Select all

michal@debian:~$ su
Password: 
root@debian:/home/michal# env | grep USER
USER=michal
But with '-' all is fine:

Code: Select all

michal@debian:~$ su -
Password: 
root@debian:~# env | grep USER
USER=root
It seems I need to login with "-" to get env variables set correctly. This is introduced recently. Is it intended of bug? How to revert this to old behaviour (to be able to su without '-')?

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: ENV variables not set correctly after su command

#2 Post by Head_on_a_Stick »

giaur wrote:This is introduced recently.
Nope, I've been using GNU/Linux since October 2013 and that has always been the case for su(1) and is explained clearly in the man page.
deadbang

giaur
Posts: 120
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

#3 Post by giaur »

You are wrong, they (Debian) have changed it recently. Look at older man (my debian not upgraded yet):
The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
Now:
For backward compatibility, su defaults to not change the current directory and to only set the environment variables HOME and SHELL (plus USER and LOGNAME if the target user is not root).
PATH is not reseted anymore when you do "su" without "-". This made me confused, because I used to use su without "-" and it suddenly stopped working as intended.

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: ENV variables not set correctly after su command

#4 Post by None1975 »

This from Debian Security Advisory DSA-4257-1
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the
bypass of the 'user_allow_other' restriction when SELinux is active
(including in permissive mode). A local user can take advantage of this
flaw in the fusermount utility to bypass the system configuration and
mount a FUSE filesystem with the 'allow_other' mount option.

For the stable distribution (stretch), this problem has been fixed in
version 2.9.7-1+deb9u1.
Also, check this.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

giaur
Posts: 120
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

#5 Post by giaur »

I can't see how your answer is related to my question

cronoik
Posts: 310
Joined: 2015-05-20 21:17

Re: ENV variables not set correctly after su command

#6 Post by cronoik »

giaur wrote:Since recent update, please see...

Which version of debian are you using? I can not confim such a behavior for stretch.
Have a nice day!

giaur
Posts: 120
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

#7 Post by giaur »

SID. I'm pretty sure new behaviour was intruducend not earlier than month ago


User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: ENV variables not set correctly after su command

#9 Post by sunrat »

The util-linux bug appears to have been fixed in today's full-upgrade.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

giaur
Posts: 120
Joined: 2013-03-08 07:03

Re: ENV variables not set correctly after su command

#10 Post by giaur »

Which bug? As I can see, behaviour is the same, but I also got clear mesaage, describing changes. So it's not a bug actually, it's intended.

User avatar
4D696B65
Site admin
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: ENV variables not set correctly after su command

#11 Post by 4D696B65 »

Turns out to be a feature
util-linux (2.32-0.4) unstable; urgency=medium

The util-linux implementation of /bin/su is now used, replacing the
one previously supplied by src:shadow (shipped in login package), and
bringing Debian in line with other modern distributions. The two
implementations are very similar but have some minor differences (and
there might be more that was not yet noticed ofcourse), e.g.

- new 'su' (with no args, i.e. when preserving the environment) also
preserves PATH and IFS, while old su would always reset PATH and IFS
even in 'preserve environment' mode.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
separately in /etc/pam.d/su-l

The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
strongly recommended to always get a newly set up environment similar
to a normal login. If you want to restore behaviour more similar to
the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.

Post Reply