A Linux su surprise
I found out about Linux su's '-p' option from comments on a previous entry. The option is also known as -m and --preserve-environment; the manpage describes it tersely as 'do not reset environment variables', but the info document tells the full story:
Do not change the environment variables `HOME', `USER', `LOGNAME', or `SHELL'. Run the shell given in the environment variable `SHELL' instead of the shell from USER's passwd entry, unless the user running `su' is not the superuser and USER's shell is restricted. A "restricted shell" is one that is not listed in the file `/etc/shells', or in a compiled-in list if that file does not exist. Parts of what this option does can be overridden by `--login' and `--shell'.
I'm used to old-fashioned su's that always run the target user's login shell, no matter what. Being able to override the login shell is a bit alarming; although there are safeguards, it does make what you put in /etc/shells somewhat more dangerous. (Clearly you never want to put /bin/false or the like in there, in order to get something else to work right.)
At the same time, being able to run alternate shells for 'restricted' accounts as root is a useful trick (whether done through -p or directly through --shell). I'll have to remember it for the next time I want to fiddle with an environment owned by such an account; it certainly beats trying to do it as root and then chown'ing the setup all over.
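The rule quoted from the info document, and the /etc/shells concern that follows it, can be checked mechanically. This is an added example, not code from su or from the original post; the helper names, the list of no-login shells and the sample file contents are assumptions constructed for illustration.

```python
# Added example: models the rule in the quoted info text; it is not su's source code.
# Assumption: these are the usual "account disabled" shells an admin might be
# tempted to list in /etc/shells.
NO_LOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample files, so the example runs offline.
SAMPLE_SHELLS = "# /etc/shells (constructed)\n/bin/sh\n/bin/bash\n/bin/false\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "svc:x:998:998::/srv/svc:/bin/false\n"
    "ftp:x:997:997::/srv/ftp:/sbin/nologin\n"
)

def parse_shells(text):
    """Shells listed in /etc/shells-style text; comments and blank lines skipped."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {e for e in entries if e}

def shell_under_preserve(caller_is_root, passwd_shell, env_shell, shells):
    """Shell that `su -p` runs according to the quoted rule (hypothetical helper)."""
    restricted = passwd_shell not in shells   # "not listed in /etc/shells"
    if env_shell and (caller_is_root or not restricted):
        return env_shell                      # $SHELL overrides the passwd entry
    return passwd_shell                       # non-root caller, restricted target

def audit(passwd_text, shells_text):
    """Return (no-login shells found in /etc/shells, accounts relying on them)."""
    bad = sorted(parse_shells(shells_text) & NO_LOGIN_SHELLS)
    exposed = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] in bad:
            exposed.append(fields[0])         # no longer "restricted" for su -p
    return bad, exposed

if __name__ == "__main__":
    bad, exposed = audit(SAMPLE_PASSWD, SAMPLE_SHELLS)
    print("no-login shells listed in /etc/shells:", bad)
    print("accounts whose shell su -p may override for non-root callers:", exposed)
```

To audit a real host, pass the contents of /etc/passwd and /etc/shells to `audit()` in place of the constructed samples.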