Hello Ian Bruce, On Thu, Aug 02, 2018 at 10:19:32PM -0700, ian_br...@mail.ru wrote: > <g...@hillenius.net> wrote: > > > I thought I (or something) had hosed my system, but it turns out this > > change is by design. > > That was exactly my reaction. I don't think that it's acceptable to have > a major (unannounced) change in behaviour for an essential system > utility like "/bin/su".
You'll be happy to see that a NEWS entry has already been added for this, see: https://salsa.debian.org/debian/util-linux/commit/b95fbe9d79173058204e226531f4b1f9ad2f26f7 > > some discussion here: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833256#90 > > quote: > > Debian would have to add "ALWAYS_SET_PATH yes" to "/etc/login.defs" > to preserve its current behavior. > > current source code reference: > > https://sources.debian.org/src/util-linux/2.32-0.3/login-utils/su-common.c/#L980 > > It seems that the previous behaviour can be restored, without source > code modifications, simply by changing a config file. That would seem to > be by far the best option. The problem is still that we need to choose between preserving old Debian behaviour or being in line with how every other distribution works. We can patch the defaults in debian, but do we want to be different? The point of this switch was both to switch to the same (maintained) implementation everyone else uses as well as getting the same behaviour in every possible corner case that maybe noone noticed (but pointless differences between distributions are annoying and timeconsuming to debug). Mainly though, using 'su' should NEVER be done. It comes with so many problems. You should never be root while having the environment from another user. Even if it 'seems to work' for you, just don't do it! Ever! For sanity 'su -l' (aka 'su -') should be the default, but for legacy reasons it's hard to make this change now. Also sudo is just a better tool (with much more sane defaults) so su should probably simply be completely deprecated. OTOH I bet there's a spec (like POSIX) that requires it (and documents it's insane default behaviour). Everyone installing systems should just get into the habit of locking the root account, setting up a user account which has sudo privilegies. The Debian Installer does this for you if you just leave the 'root password' prompt blank already. Please help spread the word. Regards, Andreas Henriksson
