All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linda Walsh <lkml@tlinx.org>
To: util-linux@vger.kernel.org
Subject: regression bug: user loses DISPLAY & REMOTEHOST with  'su -p - username"
Date: Tue, 17 Dec 2013 15:12:56 -0800	[thread overview]
Message-ID: <52B0DA78.8060109@tlinx.org> (raw)


"su --preserve_environment - username" no longer preserves
your REMOTEHOST and DISPLAY values.  They should be
in the same class as 'TERM', as they are passed from the
pre-login environment.

I don't know if there are other values that shouldn't be
removed -- but it is bad to clear the environment just
because one wants a shell called with '-<shell>'.

The preserve environment flag is NOT incompatible with login.
It means don't clear the env, but do call login via -<shell>.

-p means don't clear the ENV -- but do call the user's shell
with a '-' in front of it.  That has always been the functionality
of 'su'.

If you want to make 'su' fancier, maybe it needs a "/etc/suers.conf"
file so specific values can be easily changed to reflect
site policy rather than hard coding them.








             reply	other threads:[~2013-12-17 23:38 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-17 23:12 Linda Walsh [this message]
2013-12-18 10:54 ` regression bug: user loses DISPLAY & REMOTEHOST with 'su -p - username" Karel Zak
2013-12-18 20:05   ` Linda Walsh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52B0DA78.8060109@tlinx.org \
    --to=lkml@tlinx.org \
    --cc=util-linux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.