Page 1 of 1

The "new" su

Posted: Tue May 14, 2019 5:02 am
by khz
When I did a Debian-testing upgrate "su" couldn't get the program names anymore .... (TAB key). After troubleshooting with a search engine of my choice I found the solution.
If I log in with "su -" it works as usual.

####

Using 'su' generates now an path error when launching programs such as 'shutdown'. The cause is a new behavior described below.
---
util-linux (2.32-0.4) unstable; urgency=medium

The util-linux implementation of /bin/su is now used, replacing the
one previously supplied by src:shadow (shipped in login package), and
bringing Debian in line with other modern distributions. The two
implementations are very similar but have some minor differences (and
there might be more that was not yet noticed ofcourse), e.g.

- new 'su' (with no args, i.e. when preserving the environment) also
preserves PATH and IFS, while old su would always reset PATH and IFS
even in 'preserve environment' mode.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
separately in /etc/pam.d/su-l

The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
strongly recommended to always get a newly set up environment similar
to a normal login. If you want to restore behaviour more similar to
the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.
---

The new 'su' is useless for me because it cannot launch root program.
I did the modification in /etc/login.defs and restore the previous
behavior. However I am concern with the statement " Doing plain 'su'
is a really bad idea for many reasons".

Source: https://lists.debian.org/debian-user/20 ... 00487.html

Re: The "new" su

Posted: Tue May 14, 2019 12:22 pm
by Linuxmusician01
Do you mean that if you simply use the command "su" without options (to switch to user 'root') that it follows the path of the previous user (i.e. the path variable from /home/my_user_name/)? Do you mean that you must switch to 'root' with the option "-" like so: "su -" for the path to be root's path so it can find commands like "shutdown" etc.?

Re: The "new" su

Posted: Tue May 14, 2019 12:32 pm
by khz
Technically, I can't explain it because I don't know exactly. With the normal "su" I could no longer use the tab key to automatically complete program names or a path.

The "su -" is a BSD function?

Re: The "new" su

Posted: Wed May 15, 2019 11:39 am
by merlyn
If you use su without options it only reads the new user's .bashrc

If you use su - it reads .bash_profile.

Re: The "new" su

Posted: Wed May 15, 2019 11:56 am
by Linuxmusician01
merlyn wrote:If you use su without options it only reads the new user's .bashrc

If you use su - it reads .bash_profile.
What's the difference between those two? Never knew .bash_profile existed...

Re: The "new" su

Posted: Wed May 15, 2019 1:17 pm
by merlyn
You might not have one. It may be that your system uses the defaults. You could find out with

Code: Select all

sudo find / -name .bash_profile

Re: The "new" su

Posted: Tue May 28, 2019 12:37 pm
by Jamesf
It's worth looking into

Code: Select all

sudo
, instead of

Code: Select all

su[code].
Instead of switching user persistently, using that user's password, you use your own password to run a single command as that user. It gives you fewer opportunities to do really bad things to your system, and if you really want to work as another user for a while, [code]sudo -i <username>
does that. Add the

Code: Select all

-H
flag to use that user's home directory and init files as well - sometimes you want that, sometimes you don't (or it doesn't matter).

I've been using that as a sysadmin for well over a decade, and it's saved me from a bunch of oopses.

Re: The "new" su

Posted: Fri Jun 07, 2019 4:24 am
by khz
Source: https://wiki.debian.org/NewInBuster
The su command in buster is provided by the util-linux source package, instead of the shadow source package, and no longer alters the PATH variable by default. This means that after doing su, your PATH may not contain directories like /sbin, and many system administration commands will fail. There are several workarounds:
  • Use su - instead; this launches a login shell, which forces PATH to be changed, but also changes everything else including the working directory.
  • Use sudo instead. sudo still runs commands with an altered PATH variable.
    • To get a regular root shell with the correct PATH, you may use sudo -s.
    • To get a login shell as root (equivalent to su -), you may use sudo -i.
  • Put ALWAYS_SET_PATH yes in /etc/login.defs to get an approximation of the old behavior.
  • Put the system administration directories (/sbin, /usr/sbin, /usr/local/sbin) in your regular account's PATH (see EnvironmentVariables for help with this).
(Release Notes for Debian 10 (buster), 64-bit PC https://www.debian.org/releases/testing ... ex.en.html)