HPE Community
Operating System - HP-UX
1752815 Members
5665 Online
108789 Solutions
New Discussion юеВ

Re: SHLIB_PATH and su

 
SOLVED
Go to solution
DELAIRE_1
Occasional Advisor

тАО04-23-2009 05:09 AM

тАО04-23-2009 05:09 AM

SHLIB_PATH and su

Hello,

I have a problem with my environnement variable : SHLIB_PATH.

I have initialize it in /etc/profile :

SHLIB_PATH=/usr/lib ....
export SHLIB_PATH

When i'm connect with one user it's ok :

echo $SHLIB_PATH
SHLIB_PATH=/usr/lib

But, if i use "su" like this way :

su toto

(witout the "-")

My environnement variable SHLIB_PATH disappear... And only SHLIB_PATH. I had try with an other and it's ok ...

I don't understand.

Can you help me, please ?

(Sorry for my english, i'm french ...)

Thanks.
0 Kudos
5 REPLIES 5
Pete Randall
Outstanding Contributor

тАО04-23-2009 05:19 AM

тАО04-23-2009 05:19 AM

Re: SHLIB_PATH and su

Looking at the su man page, we see that "su executes a new shell with the real and effective user ID, real and effective group ID, and group access list set to that of the specified user. The new shell is the one specified in the shell field of the new user's entry in the password file, /etc/passwd."

If you use the minus sign ("-"), "the new shell starts up as if the new user had initiated a new login session" and the environment is set accordingly. Without the minus sign, this does not happen - you just start a new shell without setting any special environment.


Pete

Pete
0 Kudos
Steven E. Protter
Exalted Contributor

тАО04-23-2009 05:21 AM

тАО04-23-2009 05:21 AM

Re: SHLIB_PATH and su

Shalom,

su without the - just changes the user and gives you the new users power. It does not load the environment of the new user and does not null value in SHLIB_PATH.

su - username

Loads the new users environment which clearly does not have settings for SHLIB_PATH

As Pete points out its all in the man page which states it better than I can.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО04-23-2009 05:21 AM

тАО04-23-2009 05:21 AM

Re: SHLIB_PATH and su

Hi:

Your English is fine!

You need to specify 'SU_KEEP_ENV_VARS=SHLIB_PATH' in '/etc/security/default'. If you do not have the file, simply create it. See the manpages for details:

http://docs.hp.com/en/B3921-60631/security.4.html

Regards!

...JRF...
0 Kudos
Duncan Edmonstone
HPE Pro

тАО04-23-2009 05:25 AM

тАО04-23-2009 05:25 AM

Solution

Re: SHLIB_PATH and su

This is done for security purposes to ensure you don't end up looading dodgy shared libraries - you have to explicityly set it again. This is described in the man page for su. Your choices for getting around this are:

i) Just set SHLIB_PATH again after you su, or:

ii) Make a global change to the system to not behave like this. To do this edit or create the file /etc/default/security and add the line:

SU_KEEP_ENV_VARS=SHLIB_PATH

But be aware this is changed for the whole system, so if you have security standards and/or a security team you might want to consider if its the right thing to do.

You can read more about this in the man page security(4) :

man 4 security

HTH

Duncan


I am an HPE Employee
Accept or Kudo
0 Kudos
DELAIRE_1
Occasional Advisor

тАО04-23-2009 05:30 AM

тАО04-23-2009 05:30 AM

Re: SHLIB_PATH and su

Thanks for your answers !

It works with the file /etc/default/security (and not /etc/security/default, but it's written in the man page that you give)

Thanks for your help !

:-)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.