- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Fresh 11iv3 install has SU_DEFAULT_PATH active?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2007 08:16 PM
04-19-2007 08:16 PM
UMASK
ABORT_LOGIN_ON_MISSING_HOMEDIR
NOLOGIN
SU_DEFAULT_PATH
The last one tripped up some application scripts that expected su subshells to retain the parent PATH value. Is this standard behaviour for a fresh install of 11iv3, and is it documented anywhere?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2007 08:42 PM
04-19-2007 08:42 PM
Re: Fresh 11iv3 install has SU_DEFAULT_PATH active?
This attribute defines a new default PATH environment value to be set when su to a
non-superuser account is done. Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when the su command is
invoked. The path value is not validated. This attribute does not apply to a superuser
account, and is applicable only when the "-" option is not used with the su command.
Default value: If this attribute is not defined or if it is commented out, PATH is not
changed.
So from my reading of the above you could change your scripts to use "-" with su or if you don't want it at all just comment it out.
Hope this helps,
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2007 08:55 PM
04-19-2007 08:55 PM
Re: Fresh 11iv3 install has SU_DEFAULT_PATH active?
I'm QAing the product it affects, so I need to know if this is standard behaviour, which will require changes to our product, or something anomalous, which is unlikely to affect our customers.
Can anyone with a fresh 11iv3 confirm those variables as active on their systems? Can anyone point me to some documentation for this change? Can anyone suggest options I may have selected during my install that would have made these variables active?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2007 01:37 AM
04-20-2007 01:37 AM
Re: Fresh 11iv3 install has SU_DEFAULT_PATH active?
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2007 02:02 PM
04-20-2007 02:02 PM
SolutionDid you select an Install Time Security Level at install-time? Run 'bastille -l' to find the config which may have been applied.
I believe this would explain the situation you are in. The install time levels are documented in the 11.31 and 11.23 release notes. We would be interested in more details of your problem as you find out more so we can make sure this tradeoff is adequately documented in the Bastille question, as well as any other problems you might notice with an unexpected security level applied. (assuming my guess is correct) We tried to make the documentation clear, but it sounds like you may not have had the opportunity to read it yet :)
Hope that helps.
-Keith
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2007 08:41 PM
04-22-2007 08:41 PM
Re: Fresh 11iv3 install has SU_DEFAULT_PATH active?
# bastille -l
The last bastille run corresponds to the following profiles:
/etc/opt/sec_mgmt/bastille/configs/defaults/HOST.config
/etc/opt/sec_mgmt/bastille/config
Looking at this document; http://docs.hp.com/en/5187-2725/ch02s04.html
; confirms that config file is used if sec10host is selected during install. I don't remember choosing that option, but the evidence is fairly damning.
There's nothing about install-time security or bastille in;
http://docs.hp.com/en/5991-6451/5991-6451.pdf
; but I suspect that's because the functionality was added in 11iv2. That was factory-installed on our hardware, so 11iv3 is my first install with the functionality. Guess I should have RTFM a little more closely.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2007 07:03 AM
04-23-2007 07:03 AM
Re: Fresh 11iv3 install has SU_DEFAULT_PATH active?
I find it interesting that out of the 80 or so changes that the Host level configured on your system, you didn't mention any of the rest. We are interested in feedback on the right default Install-time Security level (right now it is "tools only, do nothing") and it sounds like most of the changes had little impact on you.
In surveys we've gotten a fairly positive response that folks would like a higher default security level, but it's unclear in those surveys if the respondents had enough details to make an informed decision. Since you just got tripped up by it, your input would be valuable.
Thanks, and glad I was able to help you find the cause...
-Keith
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2007 07:58 AM
04-23-2007 07:58 AM