Stephen Harris <lists@...> writes:
On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists@...> wrote:
On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
Can't you use the usual approach of 'su -' to pick up the target user's login environment?
It's "su -" that causes the 'su' comman to rewrite the PATH to the hardcoded default.
But it should be executing the target user's .profile which can override it. '-' should be a synonym for -l or --login.
You've missed the point. I want the ability to set the default path on 'su -' to be /bin:/usr/bin and then let the users override if they wish. I do not want the default path to be /usr/local/bin:/bin:/usr/bin
Silly question but what are you actually trying to accomplish? Restricting the path doesn't restrict what people can run. Not having having /usr/local/bin in the path doesn't stop someone from giving the full path to the program or cd-ing to /usr/local/bin and running something there with ./progName.
Once a user has become root, they own the system. You really can't restrict them at that point. If you don't want them doing some things, perhaps su isn't the best solution.
Cheers, Dave