[CentOS] su path hard coded?

David G. Miller dave at davenjudy.org
Tue Jul 24 16:46:24 UTC 2012


Stephen Harris <lists at ...> writes:

> 
> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
> > On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists at ...> wrote:
> > > On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
> > >> Can't you use the usual approach of 'su -' to pick up the target
> > >> user's login environment?
> > >
> > > It's "su -" that causes the 'su' command to rewrite the PATH to the
> > > hardcoded default.
> > >
> > 
> > But it should be executing the target user's .profile which can
> > override it.   '-' should be a synonym for -l or --login.
> 
> You've missed the point.  I want the ability to set the default path on
> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
> I do not want the default path to be /usr/local/bin:/bin:/usr/bin
> 

Silly question but what are you actually trying to accomplish?  Restricting the
path doesn't restrict what people can run.  Not having /usr/local/bin in
the path doesn't stop someone from giving the full path to the program or cd-ing
to /usr/local/bin and running something there with ./progName.

Once a user has become root, they own the system.  You really can't restrict
them at that point.  If you don't want them doing some things, perhaps su isn't
the best solution.

Cheers,
Dave




