Bug 102567 - /bin/su compiled-in PATH conflicts with LSB, util-linux
/bin/su compiled-in PATH conflicts with LSB, util-linux
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: coreutils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ondrej Vasik
Depends On:
  Show dependency treegraph
Reported: 2003-08-18 01:09 EDT by Steve Bonneville
Modified: 2008-01-28 07:02 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2005-544
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-28 07:02:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Replacement for existing sh-utils-1.16-paths.patch. (715 bytes, patch)
2003-08-18 01:11 EDT, Steve Bonneville
no flags Details | Diff

  None (edit)
Description Steve Bonneville 2003-08-18 01:09:27 EDT
Description of problem:
The sh-utils-1.16-paths.patch applied to the coreutils RPM incorrectly sets the
compiled-in PATH used by 'su -' when it starts a login shell.  It conflicts with
both the LSB specification of su(1) and the actual behavior of login(1) [which
is set by lib/pathnames.h in the util-linux package].  The sbin and bin versions
of directories are set in opposite orders.
The /bin/su program in coreutils sets default PATH to
  (regular user): /bin:/usr/bin:/usr/local/bin:/usr/bin/X11
  (root): /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11
The LSB 1.3 says that the default PATH set by 'su -' before /etc/profile is
executed should be
  (regular user): /bin:/usr/bin
  (root): /sbin:/bin:/usr/sbin:/usr/bin
The /bin/login program from util-linux uses a default PATH almost identical to
the /bin/su LSB specification:
  (regular user): /usr/local/bin:/bin:/usr/bin
  (root): /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
[The man page for login(1) which discusses the default PATH is incorrect; see
bug #102566.]
The result is that when starting up a default login shell, PATH is set
differently by /bin/login and /bin/su.  The order of sbin and bin directories in
the resulting PATH is different, which has contributed to at least one bug where
a program name (up2date) existed in both /usr/bin and /usr/sbin [#102331].
Version-Release number of selected component (if applicable):
  coreutils-4.5.3-24 (/bin/su)
  util-linux-2.11y-22 (/bin/login)
  setup-2.5.25-1 (bash startup scripts)
This problem also affects RHEL 2.1 AS and RHL 9.
Steps to Reproduce:
1.  Login as root through a virtual console and 'echo $PATH'.
2.  Login as a regular user through a virtual console, 'su -', and 'echo $PATH'.

Suggested fix:
A replacement patch for sh-utils-1.16-paths.patch from coreutils is attached,
which changes the default PATH to match the behavior of lib/pathnames.h from
util-linux-2.11y and fixes the immediate problem.
[This patch doesn't strictly follow the LSB.  According to the LSB, /usr/local
paths shouldn't be set by default by /bin/su, which this patch does.  That
should probably be done in /etc/profile, but that would require changes to the
setup package, and possibly util-linux as well for consistency.]
Comment 1 Steve Bonneville 2003-08-18 01:11:26 EDT
Created attachment 93702 [details]
Replacement for existing sh-utils-1.16-paths.patch.
Comment 2 Steve Bonneville 2003-08-19 16:27:54 EDT
An additional LSB conformance violation is that the coreutils /bin/su does not
honor the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.  Of course,
this is because the LSB assumes that the version of su that is in the
shadow-utils pristine source (which we don't package) is being used instead of
the coreutils version of su.
Comment 5 Ondrej Vasik 2008-01-28 07:02:46 EST
Closing that forgotten modified bugzilla as ERRATA RHBA-2005:544 - duplicate bug
#158741 was fixed in that update. Feel free to reopen this bug report if the
solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.