Subject: Re: ksh won't read /etc/suid_profile
To: Andrew Brown <atatat@atatdot.net>
From: Andrew Basterfield <list@lostgeneration.fsnet.co.uk>
List: netbsd-users
Date: 05/20/2002 16:38:01
On Mon, 20 May 2002 11:03:21 -0400
Andrew Brown <atatat@atatdot.net> wrote:
> >a non-login shell. I have tried creating a symlink called
> >/etc/suid_profile pointing to /etc/profile and I have tried creating a
> >proper file, both are ignored. 'strings /bin/ksh | grep suid_profile'
> >confirms it's in the (stock NetBSD 1.5.2) binary.
>
> when you su, the shell is not privileged, wrt the definition in the
> ksh man page:
>
> A shell is privileged if the -p option is used or if the
> real user-id or group-id does not match the effective
> user-id or group-id (see getuid(2), getgid(2)). A privileged
> shell does not process $HOME/.profile nor the ENV
> parameter (see below), instead the file /etc/suid_profile
> is processed. Clearing the privileged option causes the
> shell to set its effective user-id (group-id) to its real
> user-id (group-id).
>
> when you su, your real uid and effective uid will match, so it won't
> read /etc/suid_profile, but i suspect it also doesn't read
> /etc/profile because it's not a login shell.
OK that makes sense now, I forgot 'su' sets your real UID to the new UID,
it's your login in wtmp that stays the same.
/etc/profile or ~/.profile is only read for a full login (or simulated
login with 'su -l')
> otoh, if you do this instead
>
> su root -l
>
> it *will* be a login shell, so it will read /etc/profile. you can
> also use -p (or combine them) there if you wish.
I might as well login as root at the getty. I lose the advantages of 'su'
if I have a full root login.
I want to be root without a full login, but I still want to run a script
to set my editing options when the new shell starts (like ~/.bashrc). It
seems I can't do this with ksh.
Maybe I'll start looking at the ksh sources now...
--Andrew
--
sparc sun4c stuff:
http://www.lostgeneration.freeserve.co.uk/sparc
PGP key for list@lostgeneration.freeserve.co.uk:
http://www.lostgeneration.freeserve.co.uk/list.freeserve.co.uk.asc
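
The privileged-shell rule from the quoted man page, modelled in C as an added example (not part of the original message and not ksh source code). The function and flag names are hypothetical, and reading /etc/profile in a privileged login shell is an assumption, since the quoted text names only $HOME/.profile and ENV as skipped.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical flag names for the startup files named in the thread. */
enum {
    F_ETC_PROFILE  = 1 << 0,  /* /etc/profile */
    F_HOME_PROFILE = 1 << 1,  /* $HOME/.profile */
    F_ENV          = 1 << 2,  /* file named by the ENV parameter */
    F_SUID_PROFILE = 1 << 3   /* /etc/suid_profile */
};

/* "Privileged" as the quoted man page defines it: -p was given, or the
 * real and effective user-id or group-id differ. */
int ksh_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid, int p_flag)
{
    return p_flag || ruid != euid || rgid != egid;
}

/* Model of which startup files get processed for a given set of ids. */
int ksh_startup_files(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                      int p_flag, int login)
{
    int priv = ksh_privileged(ruid, euid, rgid, egid, p_flag);
    int files = 0;

    if (login) {
        files |= F_ETC_PROFILE;       /* assumption: not skipped when privileged */
        if (!priv)
            files |= F_HOME_PROFILE;  /* skipped by a privileged shell */
    }
    /* A privileged shell processes /etc/suid_profile instead of ENV. */
    files |= priv ? F_SUID_PROFILE : F_ENV;
    return files;
}

int main(void)
{
    /* Classify the calling process as a non-login shell started without -p. */
    int f = ksh_startup_files(getuid(), geteuid(), getgid(), getegid(), 0, 0);

    printf("ruid=%ld euid=%ld rgid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    printf("/etc/suid_profile: %s\n", (f & F_SUID_PROFILE) ? "yes" : "no");
    printf("ENV file:          %s\n", (f & F_ENV) ? "yes" : "no");
    return 0;
}
```

Because /etc/suid_profile is sourced by shells whose effective ids are elevated, it should be owned by root and not writable by anyone else.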