[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Likewise su should not screw with PATH

Likewise this functionality from su is misguided:

       The  current  environment is passed to the new shell.  The
       value of $PATH is reset to /bin:/usr/bin for normal users,
       or /sbin:/bin:/usr/sbin:/usr/bin for the super user.  This
       may be changed with the ENV_PATH  and  ENV_SUPATH  defini-
       tions in /etc/login.defs.

This path should be 
for both root and normal users.

There is no security rationale for making root's life more difficult by making
it more awkward to run binaries installed locally -- binaries installed in
/usr/local by the administrator are no more or less secure than binaries
installed by the distribution. And none for making life more difficult by
making all of X more awkward for root to use -- especially as more and more
administrative functions use or require X.

Nor is there any rationale for making life more difficult when suing to other
users by making it more awkward to use programs /sbin or /usr/sbin such as
traceroute, lsmod, ifconfig.

The only rationale might be that in the case of a network outage where /usr
might be network mounted you might want to have PATH be entirely local.
However in that case it should be /bin:/sbin, and in that case you're probably
not using su to gain access anyways.


Reply to: