sorin-ionescu / prezto

The configuration framework for Zsh
MIT License

su preserves user env vars causing all kinds of trouble #1976

Closed NuLL3rr0r closed 2 years ago

NuLL3rr0r commented 2 years ago

Description

Let's say I have the following settings inside my user's ~/.zprofile:

# ccache
export CCACHE_CONFIGPATH=${HOME}/.config/ccache.conf

# golang workspace setup
export GOPATH="${HOME}/dev/go"
export PATH=$PATH:$(go env GOPATH)/bin

# perl cpan modules
export PATH="/home/mamadou/.local/lib64/perl5/bin${PATH:+:${PATH}}"
export PERL5LIB="/home/mamadou/.local/lib64/perl5/lib/perl5${PERL5LIB:+:${PERL5LIB}}"
export PERL_LOCAL_LIB_ROOT="/home/mamadou/.local/lib64/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}";
export PERL_MB_OPT="--install_base \"/home/mamadou/.local/lib64/perl5\""
export PERL_MM_OPT="INSTALL_BASE=/home/mamadou/.local/lib64/perl5"

When I type the su command and enter my root password, if I issue the env command I see the values of those variables get carried over to the root environment, causing all kinds of issues. For example, CCACHE writes binary files to my user's home directory instead of the global cache. Or, my package manager portage fails to build Wine, because it cannot find some Perl modules inside my user's Perl cache. Or, running the go compiler as root gets Go dependencies and puts them inside my user's home directory.

The only workaround is to add the following to my user's .zprofile:

# avoid user env var preservation with su
alias su="sudo -g wheel -u root -H /usr/bin/env zsh"

Expected behavior

The env vars should not be preserved in the root environment when user access is elevated by su.

Actual behavior

It preserves the env vars and carries them over to the root environment.

Steps to Reproduce

  1. Put some env var in the user's .zprofile.
  2. Type su and then press Enter.
  3. Run the env command as su.

Versions

belak commented 2 years ago

Thanks for filing this!

This is a pretty weird quirk related to how su works. An alternative is su - which tells su to run a login shell and should properly reset environment variables.

If you've got any more questions, I'm happy to answer them but because this is expected behavior of su I'm closing this.

NuLL3rr0r commented 2 years ago

Thank you very much! I thought this might be a bug. And, thanks for mentioning su -. I have changed my su alias to the following and it works:

# avoid user env var preservation with su
#alias su="sudo -g wheel -u root -H /usr/bin/env zsh"
alias su="su -"
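
A way to check for the carry-over discussed in this thread, as an added example that is not part of the original issue or of prezto: the function reads `env` output and lists the variables whose values still point into a given user's home directory. The names `leaked_vars` and `sample_env`, the choice to skip `PWD`/`OLDPWD`, and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the issue or from prezto).
# leaked_vars HOME_DIR: read `env` output on stdin and print the names of
# variables whose value still points into HOME_DIR.
leaked_vars() {
    lv_home=${1%/}                      # drop a trailing slash
    while IFS= read -r lv_line; do
        case $lv_line in
            *=*) ;;                     # looks like NAME=value
            *) continue ;;              # no '=': not a NAME=value line, skip
        esac
        lv_name=${lv_line%%=*}          # text before the first '='
        lv_value=${lv_line#*=}          # text after the first '='
        case $lv_name in
            PWD|OLDPWD) continue ;;     # assumption: cwd is not configuration
        esac
        case $lv_value in
            # match HOME_DIR as a whole path component, not /home/user2
            *"$lv_home"/*|*"$lv_home":*|*"$lv_home")
                printf '%s\n' "$lv_name" ;;
        esac
    done
    return 0
}

# Constructed sample of what `env` might print as root after a plain `su`,
# using the variables from the .zprofile quoted in the issue.
sample_env() {
    cat <<'EOF'
HOME=/root
PWD=/home/mamadou/dev
CCACHE_CONFIGPATH=/home/mamadou/.config/ccache.conf
GOPATH=/home/mamadou/dev/go
PATH=/usr/local/bin:/usr/bin:/home/mamadou/dev/go/bin
PERL5LIB=/home/mamadou/.local/lib64/perl5/lib/perl5
PERL_MM_OPT=INSTALL_BASE=/home/mamadou/.local/lib64/perl5
EDITOR=vim
BACKUP_DIR=/home/mamadou2/backup
EOF
}

sample_env | leaked_vars /home/mamadou
# On a real system, as root: env | leaked_vars /home/mamadou
```

Run as root after `su -`, the same pipeline should print nothing for the variables set in the user's .zprofile.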