DaemonForums  

  #1   (View Single Post)  
Old 7th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
ksh doesn't read root's .profile

Anyone have a clue? If I use "su - root", I have all aliases in /root/.profile working. If I use "su", /root/.profile doesn't seem to be read by ksh. What's the solution? Typing "su - root" every time is annoying.
  #2   (View Single Post)  
Old 7th September 2010
rocket357's Avatar
rocket357 rocket357 is online now
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 328
Thanked 9 Times in 9 Posts
Default

Quote:
Originally Posted by sputnik
Anyone have a clue? If I use "su - root", I have all aliases in /root/.profile working. If I use "su", /root/.profile doesn't seem to be read by ksh. What's the solution? Typing "su - root" every time is annoying.
That's intended behavior. If you simply "su", you're keeping your environment while gaining elevated priv. If you "su -", you are using a login shell to read root's environment.

Read ksh's manpage (search for login shell and privileged shell).
  #3   (View Single Post)  
Old 7th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
Default

Just read it, but haven't found a solution. I've also noted that when I use "su" I'm keeping my environment partly. E.g. exported variables like PKG_PATH or CVSROOT are preserved, but aliases are not. I'm confused.
  #4   (View Single Post)  
Old 7th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
Default

And also the variable PATH is not preserved (/usr/local/sbin particularly). Is this really intended behaviour? Some variables are kept and some are not.
  #5   (View Single Post)  
Old 7th September 2010
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,708
Thanked 214 Times in 189 Posts
Default

You might consider a couple of additional man pages:

From su(1):
Quote:
By default, the environment is unmodified with the exception of LOGNAME,
HOME, SHELL, and USER. HOME and SHELL are set to the target login's
default values. LOGNAME and USER are set to the target login, unless the
target login has a user ID of 0 and the -l flag was not specified, in
which case it is unmodified. The invoked shell is the target login's.
This is the traditional behavior of su.
and a command you may not have considered, sudo(8), which has significantly more capability than su. You can set the environment variables you want carried over, or not, by configuration file. And then, you can even override them, as described here for the -E operand:
Quote:
The -E (preserve environment) option will override the
env_reset option in sudoers(5)). It is only available when
either the matching command has the SETENV tag or the
setenv option is set in sudoers(5).
Of course, you'll want to read sudoers(5) as well.
  #6   (View Single Post)  
Old 7th September 2010
rocket357's Avatar
rocket357 rocket357 is online now
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 328
Thanked 9 Times in 9 Posts
Default

Solution to what? You haven't been clear about what you *expect* to have happen, and how that differs from what you're observing.

I'm hazarding a guess here...a very quick and dirty workaround (if I'm understanding your complaint correctly) would be to alias su="su -", then source your alias file at the bottom of your .profile.
  #7   (View Single Post)  
Old 7th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
Default

That's correct, you've understood my complaint correctly enough. I've reread the su(1) manpage and found a bit more acceptable "solution": to alias su='su -m'. Thanks for the answers!
  #8   (View Single Post)  
Old 7th September 2010
Oko's Avatar
Oko Oko is offline
Fsck Surgeon
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 774
Thanked 36 Times in 32 Posts
Default

Quote:
Originally Posted by sputnik
That's correct, you've understood my complaint correctly enough. I've reread the su(1) manpage and found a bit more acceptable "solution": to alias su='su -m'. Thanks for the answers!
Which poses a security risk ...
  #9   (View Single Post)  
Old 7th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Oko
Which poses a security risk ...
How? I presume su -l could be a security risk, but not su -m... :/
Old 7th September 2010
Oko's Avatar
Oko Oko is offline
Fsck Surgeon
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 774
Thanked 36 Times in 32 Posts
Default

Quote:
Originally Posted by sputnik
How? I presume su -l could be a security risk, but not su -m... :/
You got it wrong. Reading .profile IS a security risk. Default behavior when you log as su - and do NOT read .profile is NOT a security risk. Just think about it for a second.
Old 8th September 2010
sputnik's Avatar
sputnik sputnik is offline
Port Guard
 
Join Date: Mar 2009
Posts: 23
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Oko
You got it wrong. Reading .profile IS a security risk. Default behavior when you log as su - and do NOT read .profile is NOT a security risk. Just think about it for a second.
But 'su -m' doesn't read the target user's .profile; it leaves the environment unmodified, as man su(1) says:
Quote:
Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made.
Also csh would read root's .cshrc. Does that mean csh is not secure as a root shell?
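
Added example, not written by any poster in this thread: per the su(1) text quoted above, su -m leaves the environment unmodified, so the resulting root shell looks up commands through whatever PATH the calling user had. The function below, meant to be run in that shell, reports PATH entries that are empty, relative, missing, group- or world-writable, or not owned by the trusted uid. The name audit_path, its two arguments and the default of uid 0 are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): audit the PATH a root shell inherited,
# e.g. after `su -m`. audit_path and its arguments are made-up names.
# Usage: audit_path [path-string] [trusted-owner-uid]
# Prints "REASON<TAB>entry" per risky entry; exit status 1 if any was found.
audit_path() (
    p=${1-$PATH}
    owner=${2:-0}       # assumption: PATH directories should belong to uid 0
    bad=0
    # A leading, trailing or doubled ':' is an empty entry, which the shell
    # resolves as the current directory.
    case ":$p:" in
        *::*) printf 'EMPTY\t(current directory)\n'; bad=1 ;;
    esac
    IFS=:               # split on ':' (local: the body runs in a subshell)
    set -f              # no globbing while splitting
    for dir in $p; do
        [ -n "$dir" ] || continue
        case $dir in
            /*) ;;
            *)  printf 'RELATIVE\t%s\n' "$dir"; bad=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            printf 'MISSING\t%s\n' "$dir"; bad=1
        # -H follows a symlinked entry; -prune keeps find from descending.
        elif [ -n "$(find -H "$dir" -prune \( -perm -002 -o -perm -020 \) -print 2>/dev/null)" ]; then
            printf 'WRITABLE\t%s\n' "$dir"; bad=1   # group- or world-writable
        elif [ -n "$(find -H "$dir" -prune ! -user "$owner" -print 2>/dev/null)" ]; then
            printf 'OWNER\t%s\n' "$dir"; bad=1      # not owned by trusted uid
        fi
    done
    exit "$bad"
)
```

Called with no arguments it checks the current $PATH against uid 0; a non-zero exit status means at least one entry was reported.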