Subject: Re: "Don't login as root, use the su command."
To: None <current-users@netbsd.org>
From: Alan Barrett <apb@cequrux.com>
List: current-users
Date: 02/12/2000 12:19:39
On Fri, 11 Feb 2000, Vebjorn Ljosa wrote:
> > > 	How about 'SU_FROM'?
> > > 	(I like this idea :)

Me too, although perhaps it should be more general.  Imagine something
like LOGIN_PATH="you@desktop!ssh!you@server!su!root@server".

> hereabout we use $LOGNAME for this purpose, because that's what RCS
> will use.  how about having su set $LOGNAME?

"su" and "su -m" should leave LOGNAME alone.  "su -" (or "su -l")
should set LOGNAME to the destination user (but NetBSD's su doesn't do
that).  So LOGNAME doesn't suit the purpose of determining whether
somebody logged in as root or su'd to root.

"su -" is supposed to simulate a new login.  It discards the entire
environment, replacing it with a fresh version that has only a few
variables set in a way that simulates a fresh login.

NetBSD's login sets HOME, SHELL, PATH, TERM, USER and LOGNAME.  It
also sets KRBTKTFILE and KRB5CCNAME if appropriate.

NetBSD's "su -" sets HOME, SHELL, PATH, TERM and USER, but not
LOGNAME.  It also sets KRBTKTFILE if appropriate, but not KRB5CCNAME.

"su -" should try harder to set up the environment in the same way
that login would have done; perhaps execing "login -f" is the only
thing that will really be guaranteed to give the right results without
the risk of code divergence.  It could still set a SU_FROM variable,
and invoke login with the "-p" option to prevent login from destroying
the SU_FROM variable.

--apb (Alan Barrett)
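
An added example, not part of the message above and not NetBSD code: a POSIX sh function that audits a LOGIN_PATH value of the kind proposed in the message and reports whether root was reached through su or by a direct login. The function name `login_path_audit` and the grammar are assumptions inferred from the single sample value in the message; no login or su implementation is known to set this variable.

```shell
#!/bin/sh
# LOGIN_PATH is only a proposal in the message above. Assumed grammar:
#   identity ( "!" method "!" identity )*     with identity = user@host
#
# Prints "<kind> <origin> <final>", where kind is one of:
#   su-to-root         the last hop to root was "su"
#   direct-root-login  root was reached by login, ssh or any other method
#   non-root           the final identity is not root
# Prints "malformed" and returns 2 if the value does not fit the grammar.
# The body is a subshell, so the IFS and "set -f" changes do not leak.
login_path_audit() (
    path=$1
    case $path in
        ''|*'!'|*[[:space:]]*) echo malformed; return 2 ;;
    esac
    IFS='!'
    set -f                       # no globbing while the value is split
    set -- $path
    i=0 origin='' final='' method=login
    for field in "$@"; do
        i=$((i + 1))
        if [ $((i % 2)) -eq 1 ]; then
            # Odd fields are identities and must look like user@host.
            case $field in
                ?*@?*) final=$field ;;
                *) echo malformed; return 2 ;;
            esac
            if [ "$i" -eq 1 ]; then origin=$field; fi
        else
            # Even fields name the transition (ssh, su, ...).
            if [ -z "$field" ]; then echo malformed; return 2; fi
            method=$field
        fi
    done
    # A well-formed path ends on an identity, so the field count is odd.
    if [ $((i % 2)) -ne 1 ]; then echo malformed; return 2; fi
    if [ "${final%%@*}" != root ]; then
        kind=non-root
    elif [ "$method" = su ]; then
        kind=su-to-root
    else
        kind=direct-root-login
    fi
    echo "$kind $origin $final"
)

# Constructed sample: the value quoted in the message.
login_path_audit 'you@desktop!ssh!you@server!su!root@server'
```

Because the variable lives in the process environment, the user can change it at will; it is a convenience hint for scripts and prompts, not an audit record.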