From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901

Description of problem:
The sshd binary in the latest openssh server, openssh-server-2.9p2-12.i386.rpm, was compiled with /usr/local/sbin as the first directory in root's path and /usr/local/bin as the first directory in a normal user's path. Was this your intent? Seems like a horrid security hole to me.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Just install the RPM
2.
3.

Actual Results:
Log in as root or as a normal user and check your $PATH

Expected Results:
I would want my $PATH to start with /bin:/usr/bin......

Additional info:

This is done to match the behavior of login. Neither /usr/local/bin nor /usr/local/sbin is writable by users other than root, so I don't consider it a problem. If the PATH as set by login is different, then sshd should be modified to match. I'm not averse to changing it, but the current behavior is intentional.
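
The reply's argument depends on every directory in the PATH being writable only by root. One way to check that on a given host, added here as an example that is not part of the original report or of OpenSSH; the function name `audit_path` and its output labels are assumptions. It inspects each PATH entry itself, not the parent directories above it.

```shell
#!/bin/sh
# audit_path PATH_STRING [TRUSTED_UID]
# Prints one line per risky entry; returns non-zero if any entry is risky.
# TRUSTED_UID defaults to 0 (root). The function name and the output
# labels are illustrative, not taken from an existing tool.
audit_path() {
    rest="$1:"                 # trailing colon so the last entry is consumed
    trusted_uid=${2:-0}
    findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}        # next entry, up to the first colon
        rest=${rest#*:}        # remainder after that colon
        if [ -z "$dir" ]; then
            # An empty entry makes the shell search the current directory.
            echo "EMPTY     (empty entry means the current directory)"
        elif [ "${dir#/}" = "$dir" ]; then
            echo "RELATIVE  $dir"
        elif [ ! -d "$dir" ]; then
            echo "MISSING   $dir"
        elif [ -n "$(find -H "$dir" -prune ! -user "$trusted_uid" -print 2>/dev/null)" ]; then
            echo "OWNER     $dir (not owned by uid $trusted_uid)"
        elif [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            echo "WRITABLE  $dir (group- or world-writable)"
        else
            continue           # entry is owned by the trusted uid and not writable by others
        fi
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Audit the PATH of the current session, or a PATH string passed as $1.
audit_path "${1:-$PATH}" || true
```

Running it once from a console login and once from an sshd session shows whether the two PATH values differ and whether either contains an entry that someone other than root can modify.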