Old 07-23-2012, 08:31 PM
Les Mikesell
 
Default su path hard coded?

On Mon, Jul 23, 2012 at 3:02 PM, Stephen Harris <lists@spuddy.org> wrote:
> >
> That's never a reasonable solution for an enterprise distro; what happens
> at the next "yum update"? :-)

The reasonable solution is to live with the defaults...

> If the answer is "it's hard coded; nothing you can do" then I guess
> I'll have to live with it. I'm hoping, though, that there's a better
> solution :-)

Hmmm, per 'man su' on a debian system, you can override with ENV_PATH
(default /bin:/usr/bin) or (for root) ENV_SUPATH (default
/sbin:/bin:/usr/sbin:/usr/bin) in /etc/login.defs. Adding
/usr/local/bin must be an RH-specific patch.


--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-23-2012, 09:57 PM
Stephen Harris
 
Default su path hard coded?

On Mon, Jul 23, 2012 at 03:31:12PM -0500, Les Mikesell wrote:
> Hmmm, per 'man su' on a debian system, you can override with ENV_PATH
> (default /bin:/usr/bin) or (for root) ENV_SUPATH (default
> /sbin:/bin:/usr/sbin:/usr/bin) in /etc/login.defs. Adding
> /usr/local/bin must be an RH-specific patch.

AIUI, different versions of su. Those values don't work on RH and
downstreams.

--

rgds
Stephen
 
Old 07-23-2012, 11:16 PM
Robert Nichols
 
Default su path hard coded?

On 07/23/2012 02:37 PM, Stephen Harris wrote:
> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
>> On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris<lists@spuddy.org> wrote:
>>> On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
>>>> Can't you use the usual approach of 'su -' to pick up the target
>>>> user's login environment?
>>>
>>> It's "su -" that causes the 'su' command to rewrite the PATH to the
>>> hardcoded default.
>>>
>>
>> But it should be executing the target user's .profile which can
>> override it. '-' should be a synonym for -l or --login.
>
> You've missed the point. I want the ability to set the default path on
> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
> I do not want the default path to be /usr/local/bin:/bin:/usr/bin

Have you tried changing the setting for secure_path in /etc/sudoers?
The manpage for "sudoers" has some more info about this.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

 
Old 07-23-2012, 11:18 PM
Stephen Harris
 
Default su path hard coded?

On Mon, Jul 23, 2012 at 06:16:57PM -0500, Robert Nichols wrote:
> On 07/23/2012 02:37 PM, Stephen Harris wrote:

> > You've missed the point. I want the ability to set the default path on
> > 'su -' to be /bin:/usr/bin and then let the users override if they wish.
> > I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>
> Have you tried changing the setting for secure_path in /etc/sudoers?
> The manpage for "sudoers" has some more info about this.

"su", not "sudo".

--

rgds
Stephen
 
Old 07-24-2012, 05:41 AM
Mogens Kjaer
 
Default su path hard coded?

On 07/23/2012 10:02 PM, Stephen Harris wrote:
> That's never a reasonable solution for an enterprise distro; what happens
> at the next "yum update"? :-)

You could put your locally modified su into /usr/local/bin :-)

Mogens

--
Mogens Kjaer, mk@lemo.dk
http://www.lemo.dk
 
Old 07-24-2012, 04:46 PM
David G. Miller
 
Default su path hard coded?

Stephen Harris <lists@...> writes:

>
> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
> > On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists@...> wrote:
> > > On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
> > >> Can't you use the usual approach of 'su -' to pick up the target
> > >> user's login environment?
> > >
> > > It's "su -" that causes the 'su' command to rewrite the PATH to the
> > > hardcoded default.
> > >
> >
> > But it should be executing the target user's .profile which can
> > override it. '-' should be a synonym for -l or --login.
>
> You've missed the point. I want the ability to set the default path on
> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
> I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>

Silly question but what are you actually trying to accomplish? Restricting the
path doesn't restrict what people can run. Not having /usr/local/bin in
the path doesn't stop someone from giving the full path to the program or cd-ing
to /usr/local/bin and running something there with ./progName.

Once a user has become root, they own the system. You really can't restrict
them at that point. If you don't want them doing some things, perhaps su isn't
the best solution.

Cheers,
Dave


 
Old 07-24-2012, 06:36 PM
 
Default su path hard coded?

David G. Miller wrote:
> Stephen Harris <lists@...> writes:
>> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
>> > On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists@...> wrote:
>> > > On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
>> > >> Can't you use the usual approach of 'su -' to pick up the target
>> > >> user's login environment?
>> > >
>> > > It's "su -" that causes the 'su' command to rewrite the PATH to the
>> > > hardcoded default.
>> > >
>> > But it should be executing the target user's .profile which can
>> > override it. '-' should be a synonym for -l or --login.
>>
>> You've missed the point. I want the ability to set the default path on
>> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
>> I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>
> Silly question but what are you actually trying to accomplish?
> Restricting the path doesn't restrict what people can run. Not having
> /usr/local/bin in the path doesn't stop someone from giving the full
> path to the program or cd-ing to /usr/local/bin and running something
> there with ./progName.
>
> Once a user has become root, they own the system. You really can't
> restrict them at that point. If you don't want them doing some
> things, perhaps su isn't the best solution.

Good point, Dave. Stephen - are you sure you don't want to give them sudo,
with limits as to what commands they can run?

mark

 
Old 07-24-2012, 07:11 PM
Les Mikesell
 
Default su path hard coded?

On Tue, Jul 24, 2012 at 1:36 PM, <m.roth@5-cent.us> wrote:
>> Once a user has become root, they own the system. You really can't
>> restrict them at that point. If you don't want them doing some
>> things, perhaps su isn't the best solution.
>
> Good point, Dave. Stephen - are you sure you don't want to give them sudo,
> with limits as to what commands they can run?

Or if the real issue is shared use of a machine with some conflicts of
interest, giving different users or groups their own VM's might be a
better solution than trying to play referee.

--
Les Mikesell
lesmikesell@gmail.com
 
Old 07-24-2012, 11:33 PM
Stephen Harris
 
Default su path hard coded?

On Tue, Jul 24, 2012 at 04:46:24PM +0000, David G. Miller wrote:
> Stephen Harris <lists@...> writes:

> > You've missed the point. I want the ability to set the default path on
> > 'su -' to be /bin:/usr/bin and then let the users override if they wish.
> > I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>
> Silly question but what are you actually trying to accomplish? Restricting the

I want the ability to "set the default path". That's all. Just so that
when I do "su - foobar" then the path defaults to /bin:/usr/bin. If foobar
wants to add /usr/local/bin then foobar decides. If I decide I want the
default path to be /myspecial/bin:/bin:/usr/bin (so that all my users get
this, by default) then I can.

Just "set the default path". Nothing more, nothing less.

--

rgds
Stephen
 
Old 07-24-2012, 11:43 PM
John R Pierce
 
Default su path hard coded?

On 07/24/12 4:33 PM, Stephen Harris wrote:
> I want the ability to "set the default path". That's all. Just so that
> when I do "su - foobar" then the path defaults to /bin:/usr/bin. If foobar
> wants to add /usr/local/bin then foobar decides. If I decide I want the
> default path to be /myspecial/bin:/bin:/usr/bin (so that all my users get
> this, by default) then I can.
>
> Just "set the default path". Nothing more, nothing less.

set it in /etc/profile then. that gets run on su -l $someuser



--
john r pierce N 37, W 122
santa cruz ca mid-left coast
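
The /etc/profile approach suggested in the post above, as an added example that is not part of the original thread: a POSIX sh snippet for a hypothetical /etc/profile.d/default-path.sh that removes /usr/local/bin from the PATH a login shell starts with after 'su -'. The file name and the function name path_without are assumptions; it also drops empty PATH entries, which the shell treats as the current directory.

```shell
# Hypothetical /etc/profile.d/default-path.sh (file and function names are
# assumptions for illustration). Sourced by login shells, including 'su -',
# before the user's own ~/.profile or ~/.bash_profile runs.

# path_without DIR PATHSTRING
# Print PATHSTRING with every occurrence of DIR removed. Empty entries
# (a leading, trailing or doubled ':') mean "current directory" to the
# shell and are dropped as well. The body runs in a subshell so the
# helper variables do not leak into the login shell.
path_without() (
    drop=$1
    rest=$2
    out=
    while [ -n "$rest" ]; do
        # Split off the first ':'-separated entry.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:} ;;
            *)   entry=$rest;       rest= ;;
        esac
        # Skip empty entries and DIR itself (with or without a trailing /).
        case $entry in
            ''|"$drop"|"$drop"/) continue ;;
        esac
        out=${out:+$out:}$entry
    done
    printf '%s\n' "$out"
)

# Apply it to the PATH that su's login setup provided. A user who wants
# /usr/local/bin back can still add it in their own startup file.
PATH=$(path_without /usr/local/bin "$PATH")
export PATH
```

This only changes the default search order; as noted earlier in the thread, it does not stop anyone from running a program by its full path.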

 
