Disable environment settings

Kenny Lussier klussier at gmail.com
Tue Jun 3 12:36:08 EDT 2008


On Tue, Jun 3, 2008 at 12:11 PM, Bill McGonigle <bill at bfccomputing.com>
wrote:

>
> On Jun 3, 2008, at 12:01, Kenny Lussier wrote:
>
>  The problem that I am running into now is how to
>> maintain that variable when they `su - user`.
>>
>
> The question doesn't really make sense.  the '-' means, 'replace the
> current environment'.  So, to rephrase your question, "How can I get it to
> keep the current environment when I tell it to replace the current
> environment?" :)


EXACTLY!! :) They use `su -` because it replaces their regular user
environment with a special environment for "special"  users. Unfortunately,
using `su -` re-reads /etc/profile which will re-source the login script,
and prompt them for their ticket number again. This is when they get annoyed
:-) What I'd like to do is have the login script check to see if the login
is an `su -` , and if so, get the environment variable from the parent shell
and set it according for the child shell, and bypass the prompts. Of course,
what "I'd like" and what is realistically possible are usually completely at
odds with one another :-)


>
> So,  'su user' might work, but really this kind of job is what sudo is for.


> You might need to add users into groups, defined stuff in sudoers, and even
> fix some old software with hardcoded assumptions, but I'm pretty sure you'll
> think it's worth doing right.
>


A plain su works fine, as it doesn't replace the environment and it isn't a
login shell. su - is a login shell. Sudo is in extensive use, but it doesn't
cover all of the odd cases that we seem to be running into. I like sudo.
Unfortunately, people get tired of typing it when they need to run 100+
commands as another user to diagnose a problem. The option that they have
choosing until now is to simply ssh in as the "special" users, which is not
acceptable. Making them log in as themselves is fine, as long as we can
provide them with the same functionality and not impose any new annoyances.
And yes, I know that it is contradictory (security is inversely proportional
to productivity and all), but it is the reality of the situation...


C-Ya,
Kenny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080603/392f4c87/attachment-0001.html 


More information about the gnhlug-discuss mailing list