r8192 - trunk/BOOK/postlfs/security

Agathoklis D. Hatzimanikas a.hatzim at gmail.com
Thu Jan 7 15:43:32 PST 2010

On Thu, Jan 07, at 01:47 DJ Lucas wrote:
> On 01/05/2010 10:10 PM, ag at linuxfromscratch.org wrote:
> > -<para>ENV_SUPATH is no longer supported.  You must create
> > -            a valid<filename>/root/.bashrc</filename>  file to provide a
> > -            modified path for the super-user.</para>
> > +<para>The ENV_SUPATH option used to modify root's default path
> > +            does not work with PAM. You have to set the path in root's login
> > +            scripts instead.
> > +</para>
> >             </note>
> >    
> Actually, the details are fuzzy as it's been quite a while, so I'll 
> guard my comments with "IIRC."  ENV_SUPATH was used by a su linked to 
> PAM prior to PLD's maintenance of Shadow, and before it went to Debian's 
> Alioth.  The choice of words for that comment was intended for users of 
> old versions of Shadow/PAM.  Additionally, 'su {-,-l,--login}' is a 
> login shell, but not 'su', so .bashrc is incorrect as well as "login 
> scripts."  Personally, I like the original better, but corrected with 
> "initialization scripts" instead of ".bashrc" as it caters to the older 
> users.

I believe the old wording was confusing, as it was proved in BLFS support.
At least the new wording it gives a clear idea to the reader for what
the ENV_SUPATH is being used, so I would like to keep the description of
the ENV_SUPATH. But maybe its better to point to a link to the
wiki with a more extensible explanation (the shadow page is already
bloated I am afraid) to explain with a definite way the problem, if
there is a problem (I am not really sure if there is a problem anymore
and if the note still justified).
But you have a right about the su -l, and .bashrc was incorrect, but
"login scripts" doesn't sound confusing or to say it differently isn't
actually incorrect, although the zsh manual it calls them initialization
Feel free to modify the note, if you have the desire to make the research.

> -- DJ Lucas


More information about the blfs-book mailing list