Package: util-linux Version: 2.32-0.4 Severity: normal Dear Andreas, Maintainer,
the change to 'su' from 'util-linux' broke an important workload for me: My backup script, running as root, needs access to the SSH agent running as user in order to backup remote machines. It needs root access for doing BTRFS-Snapshots – I could change that to sudo - and also for writing out the data with correct ownership preserved. It uses some commands that are in 'sbin' directories. Thus I set the PATH manually in the script initially, as your explaination which I appreciate was not available at the time the change happened. But then I left that 'su' without setting new environment open, which broke apt on installing a new package, since dpkg did not find ldconfig and another command, since 'sbin' related directories where not in PATH. I wonder what else may break for other users. Meanwhile you described the change: > util-linux (2.32-0.4) unstable; urgency=medium > > The util-linux implementation of /bin/su is now used, replacing the > one previously supplied by src:shadow (shipped in login package), and > bringing Debian in line with other modern distributions. The two > implementations are very similar but have some minor differences (and > there might be more that was not yet noticed ofcourse), e.g. > > - new 'su' (with no args, i.e. when preserving the environment) also > preserves PATH and IFS, while old su would always reset PATH and IFS > even in 'preserve environment' mode. > - su '' (empty user string) used to give root, but now returns an error. > - previously su only had one pam config, but now 'su -' is configured > separately in /etc/pam.d/su-l > > The first difference is probably the most user visible one. Doing > plain 'su' is a really bad idea for many reasons, so using 'su -' is I read this here and elsewhere. Everytime with one thing common: Bad idea, should never do it. But *no reasons*. Not enough for me as a user and admin to make an informed decision about it. > strongly recommended to always get a newly set up environment similar > to a normal login. If you want to restore behaviour more similar to > the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs. > -- Andreas Henriksson <[…]> Fri, 03 Aug 2018 10:52:22 +0200 No reasons, no insight on why I should change the way I do things regarding those backup scripts. Also… I tried out sudo… and it does not preserve environment variables for SSH Agent. Is it really that unusual to use a SSH Agent running in a user session from a root session? What is really the issue with that? Root could do it anyway. So I´d really appreciate some more on explaining the reasons behind the change, why it is a bad idea of using "su" without initializing new environment – not even the "su" manpage mentions something about it, it appears to be highly outdated anyway (July 2014). I may ask on 'util-linux' mailing list about that. And hints on migrating workloads that depended on this behavior. I think that would be beneficial to have before a Debian stable release, but maybe my idea on how many users rely on the old behavior does not match the fact and I may be one of the only users who accessed an SSH agent from a root session. I have a slight idea on how to rewrite the whole script to run as user, using "setpriv" to do the actions it needs to do as root, but before I do that: Why would it be better? Most of the stuff it needs to do as root. Thanks, Martin -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-rc5-tp520-btrfstrim+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages util-linux depends on: ii fdisk 2.32-0.3 ii libaudit1 1:2.8.3-1+b1 ii libblkid1 2.32-0.3 ii libc6 2.27-5 ii libmount1 2.32-0.3 ii libpam0g 1.1.8-3.7 ii libselinux1 2.8-1+b1 ii libsmartcols1 2.32-0.3 ii libsystemd0 239-7 ii libtinfo6 6.1+20180714-1 ii libudev1 239-7 ii libuuid1 2.32-0.3 ii login 1:4.5-1.1 ii zlib1g 1:1.2.11.dfsg-1 util-linux recommends no packages. Versions of packages util-linux suggests: ii dosfstools 4.1-2 ii kbd 2.0.4-4 ii util-linux-locales 2.32-0.3 -- no debconf information
