> How difficult would it be, for the sake of compatibility if nothing > else, to teach su not to create a new PAM session when it doesn't > already run within one?
You don't want to do that in general since that defeats the primary purpose of su: creating a new session as a different user. It's sort of an interesting question as to whether you want to set up a new session when running a single command. I'm a little surprised that su does this as opposed to only calling setcred. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87oaz1znhv....@windlord.stanford.edu