/sbin:/usr/sbin in mortal's PATH

Lamont R. Peterson lamont at gurulabs.com
Tue May 9 15:05:28 UTC 2006 

On Monday 08 May 2006 09:39pm, Chris Tyler wrote:
> Here's a related issue with the PATHs (which is why I change
> the /etc/profile on my systems): a simple 'su' won't munge the superuser
> directories into the PATH, because /etc/profile isn't invoked. If the
> superuser directories are in the default PATH, a plain 'su' becomes a
> lot more useful (and yes, 'su -' works, but then you lose the current
> directory). An alternative would be to put path munging code
> in /etc/bashrc (or, somehow, the PAM config for 'su').

The $PATH & pwd being "changed" when properly using "su -", is not the only 
difference.  There are other things that are not happening properly when you 
simply "su" instead of having su provide a login shell.  Some of these other 
things are subtle and can bite without being noticed.

The real issue is that running su without the "-" means that you have not set 
up your environment properly for the target user (usually root, but it *can* 
be almost any user); some things are set up and other things are not.

The "only" reason most people get into the bad practice of (sometimes?) 
running "su" instead of "su -" (like they should *always* do unless they 
_really_ know what they are doing, and even then...), is because of the new 
shell's pwd being the new user's home directory.  That's easy to fix, though.  
Here are two methods I have used:

1.  Run pwd first and use the mouse (if you can):
$ pwd
/usr/share/doc/foo-1.0.0/stuff/things [select this with the mouse]
$ su -
Password:
# cd [middle click the mouse, or type the path]

This technique works on systems that I don't use regularly (or are not mine).

2.  I place the attached little script into my /etc/ directory and add this to 
~/.bashrc (following the inclusion of /etc/bashrc) for each user who wants to 
use it:

# Setup the color prompt.
if [ -r /etc/bash-colorprompt ]; then
        . /etc/bash-colorprompt
fi

This creates a nice, easy to read (partly thanks to some color, IMHO), two 
line prompt like:

[ lamontp at corsair /usr/share/doc/kernel-xxx/Documentation ]
2006/05/09 09:00:04 [0]$

Since I left a space between the machine name and the path, it's easy to 
double click it with the mouse to copy it, either before or after I run "su 
-".  If you are at a virtual terminal, it's easy to read it and using tab 
completion, it's easy to get back to the path or (if you have a working 
console mouse setup) to also select and middle-click paste it.

In both cases, running "su -" isn't hard to do and you have things set up 
correctly.

[snip]

So, I say don't change the path setups.  They already work correctly.

However, the ifconfig command is one that I might consider doing something 
about.  Taking a quick peek at /sbin/ and /bin/sbin/, I don't see any other 
commands that I would consider placing within "easy reach" of regular users.

Perhaps moving ifconfig to /bin/ or creating a symlink in /bin/ifconfig 
-> /sbin/ifconfig or creating an "ifstat" (or "ifinfo" or "ifconf" or 
"ifconfig"?) script to go with ifup & ifdown, making it available to regular 
users.
-- 
Lamont R. Peterson <lamont at gurulabs.com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]
GPG Key fingerprint: F98C E31A 5C4C 834A BCAB  8CB3 F980 6C97 DC0D D409
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bash-colorprompt
Type: application/x-shellscript
Size: 1093 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060509/6608f04f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060509/6608f04f/attachment.sig>

More information about the fedora-devel-list mailing list