On Mon, Nov 12, 2012 at 12:06:58AM -0500, Adam wrote: > I ran across a strange inconsistency today. What should > > su -l -c 'echo $PATH' > > return when run by an ordinary user (who happens to know the root > password) at the bash prompt? Under Mandriva and CentOS it returns > the user's path, but under Debian it returns root's path. I don't > understand the inconsistency or which response is correct, but that > would seem to make some shell scripts non-portable.
Sudo can be configured to pass or filter environment variables. This may be an artifact of that. You should NEVER trust path, especially not path supplied by a user, in a root script, so this shouldn't affect anything. Yes, I know people do it all the time, the user has sudo already, etc, etc, but this goes back to one of the original unix hacks of "get root to put '.' in his path" and "i can't see a file in my home dir, could you look?" ... and now he's running your copy of 'ls' granting you superuser rights. -m --
signature.asc
Description: Digital signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) Vassar College Dec 5 - SysAdmin Panel Jan 9 - High Performance Computing Feb 6 - February Meeting
