On Sun, 22 Jan 2012 23:54:13 -0500, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > i suppose it's possible to argue that we should be supplying the -l flag > to su here, though i'm not sure what else that would break, since it > would end up clearing the entire environment for the subprocess (which > i'm pretty sure we don't want to do).
I can't tell under what circumstances su PAM modules are used and when they're not. Do you think they are used with -l ("login") whereas they're not without? I would have suggested we use both -l and -p ("preserve-environment"), but looking at the su man page for -p: If --login is used, the $TERM, $COLORTERM, $DISPLAY, and $XAUTHORITY environment variables are copied if they were set. Presumably all others are ignored. I guess we need some experiments. jamie.
pgplQ8tKrGetM.pgp
Description: PGP signature