On Wednesday, June 07 2000, Ryan King may have said:
> On Wed, Jun 07, 2000 at 08:25:49PM -0700, Jeremy Katz wrote:
> > On Wednesday, June 07 2000, Ryan King may have said:
> >
> > > Sorry if this is OT or a FAQ, but why does neither RH6.1 or RH6.2 include
> > > /sbin/ in root's path?
> > >
> > > I've been brainstorming to try to conceive of a case where this is
> > > advantageous, but have come up empty-handed and confused. Any insight
> > > will help ease my distressed soul.
> >
> > Umm... are you sure didn't just do a 'su' instead of a 'su -'? Just
> > running su by itself will inherit the environment already present intead
> > of getting a login shell for root. Logging in as root at a console
> > (something you should never do, but nevertheless :) gives me /usr/sbin
> > and /sbin both in my path as expected
>
> Ok, I see that that is the behavior. Then this means that this was not
> intentionally done, right?
No, this is very intentionally done. It is actually the behavior of su
on every platform I can remember off the top of my head.
> As much as I can't understand when one would want to have a /sbin/-less
> path as root, I can't understand why you would only want it to be there
> when you log in as root, and not when you su. (Because, of course,
> this encourages the iffy practice of logging
> in as root).
When you run su, instead of su -, you are keeping the environment of
whatever user you were previously running as. Therefore, if this path
was trojan'd to contain, for example, /tmp:/bin:/usr/bin: ... and /sbin
and /usr/sbin got appended to this automatically, you might run a
command such as ifconfig without an explicit path and run /tmp/ifconfig
which is a shell script adding a root shell to /etc/passwd and
/etc/shadow.
The proper way to get a root shell is to do '/bin/su -'. This a) makes
sure you are running the su in /bin as well as runs it as a login shell,
giving you *just* root's environment, without environmental variables
for the user. This isn't always desirable though, eg, for the purpose
of running some X-based configuration tool and the default is to keep
the current environment due to the theory of least surprise.
Hope this helps,
Jeremy
--
Jeremy Katz
[EMAIL PROTECTED] | [EMAIL PROTECTED]
http://linuxpower.org | Developer, NCSU Realm Kit for RHL
GPG fingerprint: 367E 8B6B 5E57 2BDB 972A 4D73 C83C B4E8 89FE 392D
QOTD:
Do what thou wilt shall be the whole of the Law.
-- Aleister Crowley
PGP signature
