David G. Miller wrote:
Stephen Harris <lists@...> writes:
On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists@...> wrote:
On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
Can't you use the usual approach of 'su -' to pick up the target user's login environment?
It's "su -" that causes the 'su' comman to rewrite the PATH to the hardcoded default.
But it should be executing the target user's .profile which can override it. '-' should be a synonym for -l or --login.
You've missed the point. I want the ability to set the default path on 'su -' to be /bin:/usr/bin and then let the users override if they wish. I do not want the default path to be /usr/local/bin:/bin:/usr/bin
Silly question but what are you actually trying to accomplish? Restricting the path doesn't restrict what people can run. Not having
having
/usr/local/bin in the path doesn't stop someone from giving the full path to the program or cd-ing to /usr/local/bin and running something there with ./progName.
Once a user has become root, they own the system. You really can't restrict > them at that point. If you don't want them doing some
things, perhaps su isn't the best solution.
Good point, Dave. Stephen - are you sure you don't want to give them sudo, with limits as to what commands they can run?
mark