ECI wrote:
>>>
>>>>I'm using a LFS 5.1.1 with cracklib + pam + shadow. I have recently
>>
>>upgraded
>>
>>>>PAM (0.80) and shadow (4.0.10) and cracklib according to the BLFS dev
>>
>>book
>>
>>>>and have a problem with su and PATH variable.
>>>
>>>
>>>This issue was recently discovered and a bug has already been entered
>>>into the bug tracking system. Currently, there is no known solution
>>>other than to use su -.
>>>
>>
>>As the bug report shows, add
>>'PATH DEFAULT=/usr/local/bin:/usr/bin:/bin:... OVERIDE=${PATH}' to
>>/etc/security/pam_env.conf to create a valid user path. For a default
>>root (superuser) path, create a valid /root/.bashrc that contains the
>>overidden path desired.
>>
>
>
> I think there is a case where this won't work. The one of root doing su to
> become a user.
>
> [EMAIL PROTECTED] ~]
> 1$ echo $PATH
> /bin:/usr/bin:/usr/local/bin <= user PATH is OK.
> [EMAIL PROTECTED] ~]
> 2$ su -
> Password:
> [EMAIL PROTECTED] ~]
> 1# echo $PATH <= ROOT PATH is ok (.bashrc..)
> /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> [EMAIL PROTECTED] ~]
> 2# su user
> [EMAIL PROTECTED]:/root$ echo $PATH
> /usr/gnu/bin:/usr/local/bin:/usr/ucb:/bin:/usr/bin:. <= user bad PATH
> (bash default)
> [EMAIL PROTECTED]:/root$
>
> Emmanuel.
>
Yes, it should be required by 'session' not 'auth'. _Needs_ to be
changed only in /etc/pam.d/su, but to be proper, even though auth will
always occur for login, it should be changed there too. Changes for
both coming for head. Also, of note is the errors generated durring the
test....we should make a backup copy login.defs and edit the new before
the test. These should both be fixed for 6.1.
-- DJ Lucas
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
