David G. Miller wrote:
> Stephen Harris <lists@...> writes:
>> On Mon, Jul 23, 2012 at 02:33:17PM -0500, Les Mikesell wrote:
>> > On Mon, Jul 23, 2012 at 2:18 PM, Stephen Harris <lists@...> wrote:
>> > > On Mon, Jul 23, 2012 at 02:14:45PM -0500, Les Mikesell wrote:
>> > >> Can't you use the usual approach of 'su -' to pick up the target
>> > >> user's login environment?
>> > >
>> > > It's "su -" that causes the 'su' comman to rewrite the PATH to the
>> > > hardcoded default.
>> > >
>> > But it should be executing the target user's .profile which can
>> > override it. '-' should be a synonym for -l or --login.
>>
>> You've missed the point. I want the ability to set the default path on
>> 'su -' to be /bin:/usr/bin and then let the users override if they wish.
>> I do not want the default path to be /usr/local/bin:/bin:/usr/bin
>
> Silly question but what are you actually trying to accomplish?
> Restricting the path doesn't restrict what people can run. Not having
having
> /usr/local/bin in the path doesn't stop someone from giving the full
> path to the program or cd-ing to /usr/local/bin and running something
> there with ./progName.
>
> Once a user has become root, they own the system. You really can't
> restrict > them at that point. If you don't want them doing some
things, perhaps su isn't the best solution.
Good point, Dave. Stephen - are you sure you don't want to give them sudo,
with limits as to what commands they can run?
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
