Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
michal@debian:~$ su -
Password:
root@debian:~# env | grep USER
USER=root
It seems I need to login with "-" to get env variables set correctly. This is introduced recently. Is it intended of bug? How to revert this to old behaviour (to be able to su without '-')?
You are wrong, they (Debian) have changed it recently. Look at older man (my debian not upgraded yet):
The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
Now:
For backward compatibility, su defaults to not change the current directory and to only set the environment variables HOME and SHELL (plus USER and LOGNAME if the target user is not root).
PATH is not reseted anymore when you do "su" without "-". This made me confused, because I used to use su without "-" and it suddenly stopped working as intended.
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the
bypass of the 'user_allow_other' restriction when SELinux is active
(including in permissive mode). A local user can take advantage of this
flaw in the fusermount utility to bypass the system configuration and
mount a FUSE filesystem with the 'allow_other' mount option.
For the stable distribution (stretch), this problem has been fixed in
version 2.9.7-1+deb9u1.
The util-linux implementation of /bin/su is now used, replacing the
one previously supplied by src:shadow (shipped in login package), and
bringing Debian in line with other modern distributions. The two
implementations are very similar but have some minor differences (and
there might be more that was not yet noticed ofcourse), e.g.
- new 'su' (with no args, i.e. when preserving the environment) also
preserves PATH and IFS, while old su would always reset PATH and IFS
even in 'preserve environment' mode.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
separately in /etc/pam.d/su-l
The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
strongly recommended to always get a newly set up environment similar
to a normal login. If you want to restore behaviour more similar to
the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.