Why /usr/sbin is not in my root $PATH ?

classic Classic list List threaded Threaded
72 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

Why /usr/sbin is not in my root $PATH ?

Pierre Couderc
Hi

Why /usr/sbin is not in my root $PATH ?


xxx@server:~$ su root
Password:
root@server:/home/nous# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/snap/bin

Why /usr/sbin is not in my root $PATH ?

Is it a bug somewhere in debian ? Installing snap ?

Or is my system corrupted ?

Thanks for any explanation

PC

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Reco
        Hi.

On Thu, Feb 21, 2019 at 09:07:09AM +0100, Pierre Couderc wrote:
> Hi
>
> Why /usr/sbin is not in my root $PATH ?
>
>
> xxx@server:~$ su root

Because you did exactly this. su(1) says:

The optional argument - may be used to provide an environment similar to
what the user would expect had the user logged in directly.

Make a habit of using 'su -', as this behaviour is here to stay.


> Is it a bug somewhere in debian ? Installing snap ?

It's a change in Debian, see #833256.
There are two su utilities, from 'shadow' and from 'util-linux'.
Preserving user's environment unless '-' is specified is a feature of
util-linux's su.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Pierre Couderc

On 2/21/19 9:15 AM, Reco wrote:

> Hi.
>
> On Thu, Feb 21, 2019 at 09:07:09AM +0100, Pierre Couderc wrote:
>> Hi
>>
>> Why /usr/sbin is not in my root $PATH ?
>>
>>
>> xxx@server:~$ su root
> Because you did exactly this. su(1) says:
>
> The optional argument - may be used to provide an environment similar to
> what the user would expect had the user logged in directly.
>
> Make a habit of using 'su -', as this behaviour is here to stay.
>
>
>> Is it a bug somewhere in debian ? Installing snap ?
> It's a change in Debian, see #833256.
> There are two su utilities, from 'shadow' and from 'util-linux'.
> Preserving user's environment unless '-' is specified is a feature of
> util-linux's su.
>
> Reco
>
Thnk you very much. This is the answer I needed. Sorry for the noise ;)

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Greg Wooledge
On Thu, Feb 21, 2019 at 09:31:31AM +0100, Pierre Couderc wrote:
> On 2/21/19 9:15 AM, Reco wrote:
> > On Thu, Feb 21, 2019 at 09:07:09AM +0100, Pierre Couderc wrote:
> > > Why /usr/sbin is not in my root $PATH ?

Because you upgraded to buster (or unstable), and Debian in its infinite
wisdom has changed the behavior of su between stretch and buster.

> > Make a habit of using 'su -', as this behaviour is here to stay.

Or use one of several other workarounds, for example putting /usr/sbin
and /sbin into your regular user account's PATH.

> > It's a change in Debian, see #833256.
> > There are two su utilities, from 'shadow' and from 'util-linux'.
> > Preserving user's environment unless '-' is specified is a feature of
> > util-linux's su.
> >
> Thnk you very much. This is the answer I needed. Sorry for the noise ;)

It's not noise.  This is going to be the number one support issue for
buster, I just know it.  This question is going to come up repeatedly.
The su change breaks *so* much.

Red Hatters have apparently been living with this behavior for years,
and they came up with the "su -" workaround.  And hey, if that works
for them, great.

The problem with "su -" is that it strips out *all* of your environment,
*and* it changes your working directory to /root.  So, some things which
work perfectly well in stretch (with "su") will no longer work in buster
(with "su -").

Example 1:

$ make
$ su -
# make install    # fails because you're no longer in the build dir

Example 2:

$ export LANG=something LESS=-X ...
$ su -
# man something   # your environment settings have been lost

I haven't upgraded to buster yet, so I haven't had to make any changes to
my own environment yet, but I suspect I'll be adding /usr/sbin and /sbin
to my regular account's PATH.  That will break the smallest amount of
stuff for my usage patterns, as I will be able to continue using a normal
"su" which will retain my environment and my working directory.

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Brad Rogers
On Thu, 21 Feb 2019 08:20:46 -0500
Greg Wooledge <[hidden email]> wrote:

Hello Greg,

>$ make
>$ su -
># make install    # fails because you're no longer in the build dir

Just do;

$ make
$ sudo make install

Works fine.

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Life goes quick and it goes without warning
Bombsite Boy - The Adverts

attachment0 (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Reco
In reply to this post by Greg Wooledge
        Hi.

On Thu, Feb 21, 2019 at 08:20:46AM -0500, Greg Wooledge wrote:
> On Thu, Feb 21, 2019 at 09:31:31AM +0100, Pierre Couderc wrote:
> > On 2/21/19 9:15 AM, Reco wrote:
> > > On Thu, Feb 21, 2019 at 09:07:09AM +0100, Pierre Couderc wrote:
> > > > Why /usr/sbin is not in my root $PATH ?
>
> Because you upgraded to buster (or unstable), and Debian in its infinite
> wisdom has changed the behavior of su between stretch and buster.

A small nit. They've changed the implementation of su.
Behaviour change is a consequence.


> > > Make a habit of using 'su -', as this behaviour is here to stay.
>
> Or use one of several other workarounds, for example putting /usr/sbin
> and /sbin into your regular user account's PATH.

That'll work too.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Greg Wooledge
In reply to this post by Brad Rogers
On Thu, Feb 21, 2019 at 01:30:05PM +0000, Brad Rogers wrote:

> On Thu, 21 Feb 2019 08:20:46 -0500
> Greg Wooledge <[hidden email]> wrote:
>
> Hello Greg,
>
> >$ make
> >$ su -
> ># make install    # fails because you're no longer in the build dir
>
> Just do;
>
> $ make
> $ sudo make install
>
> Works fine.

Yes, that's another workaround: "just never use su at all, ever again".

Please remember, though, that sudo is not installed by default in Debian.
So, as with every other workaround that we're discussing, some action is
required on the part of the user to implement the workaround.

At some point I'm going to need to write a wiki page to explain the
change, and list some known workarounds, so that users can pick which
one they want to implement.

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Brad Rogers
On Thu, 21 Feb 2019 08:37:35 -0500
Greg Wooledge <[hidden email]> wrote:

Hello Greg,

>Yes, that's another workaround: "just never use su at all, ever again".

You're putting words in my mouth.  I was dealing with one use case, not
saying "..never use..".

>Please remember, though, that sudo is not installed by default in

Good point, I'd forgotten that.

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Looking for something I can call my own
Chairman Of The Bored - Crass

attachment0 (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Jonathan de Boyne Pollard
In reply to this post by Greg Wooledge
Greg Wooledge:
>
> At some point I'm going to need to write a wiki page to explain the
> change, and list some known workarounds, so that users can pick which
> one they want to implement.
>
You could point them to StackExchange in the meantime.  (-:

* https://unix.stackexchange.com/a/460769/5132

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Greg Wooledge
On Thu, Feb 21, 2019 at 04:14:53PM +0000, Jonathan de Boyne Pollard wrote:
> You could point them to StackExchange in the meantime.  (-:
>
> * https://unix.stackexchange.com/a/460769/5132

On that page:
> Doing plain 'su' is a really bad idea for many reasons,

Name one!  Seriously, what kind of inane statement is that?

> If you want to restore behaviour more similar to the previous one you can
> add 'ALWAYS_SET_PATH yes' in /etc/login.defs.

OK, I'll just go to Debian's online man pages and find the buster
man page for su (or login.defs) to find out what that is...

... hey, where's the buster man pages?

Oh, lovely.  There aren't any.  So I'd have to extract the man page out
of a buster .deb by hand, or actually RUN buster, to find out how to
document the changes in buster and how to work around them.

*sigh* ... it's going to be one of *those* upgrades, isn't it.

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Reco
On Thu, Feb 21, 2019 at 11:26:29AM -0500, Greg Wooledge wrote:
> On Thu, Feb 21, 2019 at 04:14:53PM +0000, Jonathan de Boyne Pollard wrote:
> > You could point them to StackExchange in the meantime.  (-:
> >
> > * https://unix.stackexchange.com/a/460769/5132
>
> On that page:
> > Doing plain 'su' is a really bad idea for many reasons,
>
> Name one!  Seriously, what kind of inane statement is that?

I have five reasons for you. They are called AIX, HP-UX, Solaris, RHEL
and busybox's su in no particular order.
It's not the first time Debian project chose to do exactly the same
others did for decades.


> > If you want to restore behaviour more similar to the previous one you can
> > add 'ALWAYS_SET_PATH yes' in /etc/login.defs.
>
> OK, I'll just go to Debian's online man pages and find the buster
> man page for su (or login.defs) to find out what that is...
>
> ... hey, where's the buster man pages?

Exactly there they belong. In .deb archives.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Greg Wooledge
Well, for those who are interested, I've added some information to
<https://wiki.debian.org/NewInBuster>.  I'm trusting that the
ALWAYS_SET_PATH thing from that random web page was actually correct,
because verification would take a lot of work.  It's a wiki, so someone
else can correct it if it's wrong.

When I linked to EnvironmentVariables I also found a section at the
end of *that* page which describes the current behavior of su, so I
updated that page slightly as well.

I can't even begin to guess how many places assume the current su
behavior or how difficult it will be to find and change them all.

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

ghe-2
In reply to this post by Reco
On 2/21/19 10:15 AM, Reco wrote:

> It's not the first time Debian project chose to do exactly the same
> others did for decades.

Can you say Ptolemy? He (and his followers) did exactly the same he did
for centuries.

Another Busterism, BTW: ping now requires root privileges. It does on my
computer, anyway. Maybe I made a mistake when I installed -- somebody
sure did.

The idea of putting sbin, etc. (and looking at who has execute) in my
user path is becoming more and more attractive.

Who needs Unix? OS360 and msdos and CP/M did the job for decades...

--
Glenn English

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Reco
In reply to this post by Reco
    Hi.

On Thu, Feb 21, 2019 at 11:12:12AM -0700, ghe wrote:
> Another Busterism, BTW: ping now requires root privileges. It does on
> my
> computer, anyway. Maybe I made a mistake when I installed -- somebody
> sure did.

Ping *always* required root, more precisely, CAP_NET_RAW.
So they either made ping root-owned suid, or assigned CAP_NET_RAW
capability to it (that's stretch btw):

$ /sbin/getcap /bin/ping
/bin/ping = cap_net_raw+ep

So, run /var/lib/dpkg/info/iputils-ping.postinst (or whatever iputils
alternative you have installed), and enjoy sanity restored.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Reco
In reply to this post by ghe-2
    Hi.

On Thu, Feb 21, 2019 at 11:12:12AM -0700, ghe wrote:
> Another Busterism, BTW: ping now requires root privileges. It does on
> my
> computer, anyway. Maybe I made a mistake when I installed -- somebody
> sure did.

Ping *always* required root, more precisely, CAP_NET_RAW.
So they either made ping root-owned suid, or assigned CAP_NET_RAW
capability to it (that's stretch btw):

$ /sbin/getcap /bin/ping
/bin/ping = cap_net_raw+ep

So, run "/var/lib/dpkg/info/iputils-ping.postinst configure" (or whatever iputils
alternative you have installed), and enjoy sanity restored.


PS I should watch who I'm replying to.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

ghe-2
In reply to this post by Reco
On 2/21/19 11:18 AM, Reco wrote:

> Ping *always* required root,

Maybe, but I didn't know that. I've been on Debian since the days of the
major Toy Story characters, and I've always just typed 'ping' and it punged.

But thanks, somebodyAtDebian, for correcting my decades old expectation.

--
Glenn English

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Greg Wooledge
On Thu, Feb 21, 2019 at 11:36:44AM -0700, ghe wrote:
> On 2/21/19 11:18 AM, Reco wrote:
>
> > Ping *always* required root,
>
> Maybe, but I didn't know that. I've been on Debian since the days of the
> major Toy Story characters, and I've always just typed 'ping' and it punged.
>
> But thanks, somebodyAtDebian, for correcting my decades old expectation.

You might be confused here.  The ping program is intended to *work* for
all users, but in order to work, it needs a special capability.
Traditionally the ping program acquired this capability by being installed
with the setuid bit.  In more recent releases of Debian, /bin/ping is
no longer setuid, and instead uses the Linux capabilities feature
for its special power-up.

<http://unixetc.co.uk/2016/05/30/linux-capabilities-and-ping/> is the
first link I found which explains this.  Seems like the right level of
exposition for this thread.

It's possible that somehow you removed your /bin/ping and restored it from
a backup, but you didn't re-run the thing that gives it the special
capabilities it needs.  Or, who knows, maybe something else happened.

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

ghe-2
On 2/21/19 11:50 AM, Greg Wooledge wrote:

> It's possible that somehow you removed your /bin/ping and restored it from
> a backup, but you didn't re-run the thing that gives it the special
> capabilities it needs.  

Don't think so. Just a vanilla netinstall. Like always. I think.

> Or, who knows, maybe something else happened.

Something did :-) The shell, or something, talks about socket not being
accessible. Certainly reasonable/believable.

Thanks -- will fix...

--
Glenn English

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Ric Moore
In reply to this post by ghe-2
On 2/21/19 1:36 PM, ghe wrote:
> On 2/21/19 11:18 AM, Reco wrote:
>
>> Ping *always* required root,
>
> Maybe, but I didn't know that. I've been on Debian since the days of the
> major Toy Story characters, and I've always just typed 'ping' and it punged.

I just typed "ping redhat.com", as user, and it pinged. But I couldn't
get it to "pung". :) Ric

Reply | Threaded
Open this post in threaded view
|

Re: Why /usr/sbin is not in my root $PATH ?

Mart van de Wege
In reply to this post by Greg Wooledge
Greg Wooledge <[hidden email]> writes:

>
> The problem with "su -" is that it strips out *all* of your environment,

That's a feature, not a bug. You *don't* want to import Joe Random
User's environment into root's.

Mart

--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

1234