From: Bastien Roucariès <[email protected]> Clearly document that su by default does not change this variables.
Signed-off-by: Bastien Roucariès <[email protected]> --- man7/environ.7 | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/man7/environ.7 b/man7/environ.7 index ec886d83d..8fc26bb92 100644 --- a/man7/environ.7 +++ b/man7/environ.7 @@ -65,15 +65,15 @@ Common examples are: .TP .B USER The name of the logged-in user (used by some BSD-derived programs). +Set at login time, see section NOTES below. .TP .B LOGNAME The name of the logged-in user (used by some System-V derived programs). +Set at login time, see section NOTES below. .TP .B HOME -A user's login directory, set by -.BR login (1) -from the password file -.BR passwd (5). +A user's login directory. +Set at login time, see section NOTES below. .TP .B LANG The name of a locale to use for locale categories when not overridden @@ -114,6 +114,7 @@ Set by some shells. .TP .B SHELL The absolute pathname of the user's login shell. +Set at login time, see section NOTES below. .TP .B TERM The terminal type for which output is to be prepared. @@ -260,6 +261,37 @@ The and .B PR_SET_MM_ENV_END operations can be used to control the location of the process's environment. +.PP +The +.B HOME, +.B LOGNAME, +.B SHELL +and +.B USER +variables are set from a user database (such as the +.B password (5) +database) only when when a user is changed using the +session management interface, for instance by the +.B login(1) +program. +In particular, the +.B setuid (2) +family of functions does not set these variables. +Note that as documented in +.B su (1), +getting a root shell with just the command +.I su +results in a mixed environment where +.B LOGNAME +and +.B USER +are retained from the old user. Using +.I su -p +preserves all the variables from the existing shell, and +.I su - +or +.I su -l +is the recommended way of getting a full root environment. .SH BUGS Clearly there is a security risk here. Many a system command has been @@ -306,6 +338,7 @@ should consider renaming their option to .BR mktemp (1), .BR printenv (1), .BR sh (1), +.BR su (1), .BR tcsh (1), .BR execve (2), .BR clearenv (3), -- 2.29.2
