[CentOS] su path hard coded?

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Jul 24 18:36:15 UTC 2012


David G. Miller wrote:
> Stephen Harris <lists at ...> writes:
>> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
>> > On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists at ...> wrote:
>> > > On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
>> > >> Can't you use the usual approach of 'su -' to pick up the target
>> > >> user's login environment?
>> > >
>> > > It's "su -" that causes the 'su' command to rewrite the PATH to the
>> > > hardcoded default.
>> > >
>> > But it should be executing the target user's .profile which can
>> > override it.   '-' should be a synonym for -l or --login.
>>
>> You've missed the point.  I want the ability to set the default path on
>> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
>> I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>
> Silly question but what are you actually trying to accomplish?
> Restricting the path doesn't restrict what people can run.  Not having
> /usr/local/bin in the path doesn't stop someone from giving the full
> path to the program or cd-ing to /usr/local/bin and running something
> there with ./progName.
>
> Once a user has become root, they own the system.  You really can't
> restrict them at that point.  If you don't want them doing some
> things, perhaps su isn't the best solution.

Good point, Dave. Stephen - are you sure you don't want to give them sudo,
with limits as to what commands they can run?

       mark
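
Added example, not part of the original message: a sudoers fragment showing the sudo approach suggested above, with the PATH for sudo-run commands pinned to /bin:/usr/bin and a limited command list. The file name, the group `webadmins` and the alias `WEB_SVC` are hypothetical.

```sudoers
# /etc/sudoers.d/limited-admins   (hypothetical file name; edit with visudo -f)

# PATH given to every command run through sudo, whatever the caller's PATH was.
Defaults secure_path = "/bin:/usr/bin"

# Hypothetical command set. Always list full paths with fixed arguments.
Cmnd_Alias WEB_SVC = /sbin/service httpd restart, \
                     /sbin/service httpd status

# Members of the (hypothetical) group webadmins may run only WEB_SVC as root.
%webadmins ALL = (root) WEB_SVC

# Too broad: each of these lines gives out a full root shell, directly or
# through an editor's shell escape, so the command limit no longer applies.
# %webadmins ALL = (root) ALL
# %webadmins ALL = (root) /bin/su, /bin/bash, /usr/bin/vim
```

`sudo -l -U <user>` lists what a given account is allowed to run under the resulting policy.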



