Control: tags -1 + help

On Wed, Jun 05, 2013 at 07:00:29AM +0200, Christian PERRIER wrote:
> Quoting Piotr Engelking ([email protected]):
[...]
> > The 'su -' command, unlike login, doesn't set umask. This behavior
> > disagrees with the man page, which says:
> >
> >   The optional argument - may be used to provide an environment similar
> >   to what the user would expect had the user logged in directly.
> >
> > Operating with an unexpected umask value is dangerous, particularly so
> > if running as root.
> >
> > Please change su - to set umask to the same value that login does.
>
>
> Without checking, though, I suspect this to be a PAM issue.

Should /etc/pam.d/su-l gain a line for pam_umask? Possibly also pam_limits?
Maybe they should even be in /etc/pam.d/su (which is also included by
/etc/pam.d/su-l)....

Help from pam experts would be appreciated.

(Maybe this is looking at it too narrowly though, and instead the entire
/etc/pam.d/su file carried over from src:shadow/login days should be
revamped/rewritten.)

Regards,
Andreas Henriksson
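
One way to check which services lack pam_umask or pam_limits in their session stack, including files reached through `@include` as with su-l and su above. This is an added example, not part of the original e-mail or of the shadow or PAM packages; the sample file contents are constructed and the function names are hypothetical.

```python
import os

# Constructed sample files (not copied from any Debian release), shaped like
# the layout the message describes: su-l pulls in su through @include.
SAMPLE = {
    "su-l": "#%PAM-1.0\n@include su\n",
    "su": "auth sufficient pam_rootok.so\n"
          "session required pam_env.so readenv=1\n"
          "@include common-session\n",
    "common-session": "session [success=1 default=ignore] pam_unix.so\n",
    "login": "session required pam_limits.so\n"
             "session optional pam_umask.so\n"
             "@include common-session\n",
}

def read_service(name, source):
    """Return a service file's text from a dict of samples or a directory."""
    if isinstance(source, dict):
        return source[name]
    with open(os.path.join(source, name)) as fh:
        return fh.read()

def session_modules(name, source, seen=None):
    """Session-stack module names; each included file is expanded once."""
    seen = set() if seen is None else seen
    if name in seen:
        return []
    seen.add(name)
    mods = []
    for raw in read_service(name, source).splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "@include":
            mods += session_modules(fields[1], source, seen)
        elif len(fields) >= 3 and fields[0].lstrip("-") == "session":
            if fields[1] in ("include", "substack"):
                mods += session_modules(fields[2], source, seen)
                continue
            rest = fields[1:]
            if rest[0].startswith("["):
                # A bracketed control may span several tokens; skip to its end.
                while rest and not rest[0].endswith("]"):
                    rest.pop(0)
            if len(rest) > 1:
                mods.append(os.path.basename(rest[1]))
    return mods

def missing(name, source, wanted=("pam_umask.so", "pam_limits.so")):
    """Wanted modules absent from the service's session stack."""
    present = session_modules(name, source)
    return [m for m in wanted if m not in present]
```

Passing a directory such as `/etc/pam.d` instead of `SAMPLE` as `source` runs the same check against the files on a real system.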

