On Mon, Aug 13, 2018 at 08:43:12AM -0400, Greg Wooledge wrote:
On Sat, Aug 11, 2018 at 11:41:34AM +0200, Pétùr wrote:The new 'su' is useless for me because it cannot launch root program. I did the modification in /etc/login.defs and restore the previous behavior. However I am concern with the statement " Doing plain 'su' is a really bad idea for many reasons". Could someone explain to me why this is a bad behavior?It's not what Red Hat does, and therefore "oooooh, we have to change to match what Red Hat does".
Actually, util-linux is distributed by the Linux Kernel Organization (i.e. the folks at kernel.org). So, yes, Debian has to match what Red Hat does inasmuch as Red Hat uses a Linux kernel and so does Debian. It just makes sense to use the kernel-provided kernel utilities.
As an aside, I don't know what the situation is with the *BSD Debians. They presumably don't use util-linux, so I *guess* they're still using su from src:shadow?
Never mind the fact that it's a completely stupid, intrusive, pointless change that breaks the behavior that has been working properly in Debian for decades. Who cares about things working properly, or backward compatiblity, or common sense? GOTTA MATCH RED HAT!
Change should be acceptable IF there is a good reason for it. I'll agree, though, that it's not really been well-communicated how "su -" is better than "su" and why, apparently, the meaning of the two have been swapped over. But if the point is to make things more secure, then that's a perfectly acceptable reason for breakage.
Users will be confused? SCREW 'EM! GOTTA MATCH RED HAT! Scripts will break? SCREW 'EM! GOTTA MATCH FUCKING RED HAT! The only reason anyone would think that "plain su is bad" is because they had to work with Red Hat systems (or perhaps certain BSD-based systems) where plain su behaves the way testing's su behaves, and they got used to it.
-- For more information, please reread.
Attachment:
signature.asc
Description: PGP signature