[CC'ing upstream] On Fri, Apr 03, 2026 at 11:57:46AM +0200, Katie May wrote: > Package: util-linux > Version: 2.42-1 > > Dear Maintainer, > > runuser no longer accepts the whitelist-environment option (both in long > and short form) despite it still being listed in the man page. > > For example, without specifying whitelist, runuser works > ``` > # runuser -l test -c id > uid=12345(test) gid=12345(test) groups=12345(test) > ``` > > But if I specify an environment variable to whitelist I get an error > ``` > # runuser -l test -w MY_VAR -c id > -sh: 0: Illegal option -w > ```
It appears to work when placing the options in a different order, f.e. this works: # MY_VAR=foo runuser -w MY_VAR -l root -c env Notably the placement of the -l option and the username seem to be the problem. I'll note that `MY_VAR=foo runuser -l root -w MY_VAR -c env` worked in 2.41. Maybe ac0147fd14b348097c82c1c89a5417b582e26bad broke this? | commit ac0147fd14b348097c82c1c89a5417b582e26bad | Author: cgoesche <[email protected]> | AuthorDate: Sun Nov 2 11:55:09 2025 -0500 | Commit: cgoesche <[email protected]> | CommitDate: Mon Nov 3 13:16:19 2025 -0500 | | su: pass arguments after <user> to shell | | The su(1) manpage describes how the arguments after <user> | are passed to the invoked shell. However this is empirically | wrong, as option flags after <user> are interpreted by su(1) | and will eventually never be passed or yield an error that | terminates the program due to an unrecognized option flag. | | To fix this we can change getopt(3)'s scanning mode with a '+' | prefixed to 'optstring', this will make it so that getopt(3) | stops processing argv elements on the first occurrence of a | non-option argument, e.g. '-' or '<user>'. | | Additionally, if the argument that directly follows '-' is an | option flag, su(1) will assume that this argument and the ones | that follow, are to be passed to a shell invoked by the root user. | | Addresses: https://github.com/util-linux/util-linux/pull/1809 | Signed-off-by: cgoesche <[email protected]> Chris
