From: Daniel Bye
To: FreeBSD Questions
Date: Wed, 31 Oct 2007 15:09:36 +0000
Subject: Re: ssh
Message-ID: <20071031150936.GA60294@brick.slightlystrange.org>

On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote:
> > Yeah, I misread your problem. Are you saying that you want to su to root,
> > but still have some variables set as they were on the account you sued from?
> > So you have a user named Michael, say, and you su to root, but when you ssh
> > you want Michael's .ssh to be the effective one?
>
> Well sort of. When I su, $HOME is set to my homedir and $USER set to
> mgrant. This is fine. However, ssh (when sued) doesn't read
> $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
> into the remote machine as $USER, it tries to log in as root. It does
> this because it's hardwired in the code more or less as follows (I've
> extracted the relevant code from ssh.c):
>
>     original_real_uid = getuid();
>     pw = getpwuid(original_real_uid);
>     sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
>     read_config_file(buf);
>     options.user = strdup(pw->pw_name);
>
> Like I said, it seems like a bug to me. Personally I would have done
> a getenv("HOME") and getenv("USER") myself instead of depending on the
> userid. Probably they had good reason for doing it the way they did
> it.

Probably to do with the fact that both $HOME and $USER can be set by the
user to any arbitrary value:

    [daniel@torus:~] --->$ echo $USER $HOME
    daniel /home/daniel
    [daniel@torus:~] --->$ USER=root
    [daniel@torus:~] --->$ HOME=/root
    [daniel@torus:/home/daniel] --->$ echo $USER $HOME
    root /root
    [daniel@torus:/home/daniel] --->$ cd
    [daniel@torus:~] --->$ pwd
    /root

Not so good for security!

Dan

--
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
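
The point made in the reply above, as an added C example that is not part of the original message and is not OpenSSH source: the identity is taken from the password database entry for the real uid, and $USER and $HOME are only compared against it. The `struct identity` type and `resolve_identity()` function are hypothetical names introduced for this example.

```c
/* Added example (not OpenSSH source): trust the passwd entry for the real
 * uid; treat $USER and $HOME as untrusted claims to be compared with it. */
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct identity {            /* hypothetical type for this example */
    char name[64];           /* login name from the passwd database */
    char home[256];          /* home directory from the passwd database */
    int  env_user_differs;   /* 1 if $USER is set and disagrees */
    int  env_home_differs;   /* 1 if $HOME is set and disagrees */
};

/* Returns 0 on success, -1 if the real uid has no usable passwd entry. */
int resolve_identity(struct identity *id)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    const char *e;

    memset(id, 0, sizeof *id);
    if (getpwuid_r(getuid(), &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    if (strlen(pw.pw_name) >= sizeof id->name ||
        strlen(pw.pw_dir) >= sizeof id->home)
        return -1;           /* refuse to truncate rather than guess */
    strcpy(id->name, pw.pw_name);
    strcpy(id->home, pw.pw_dir);
    e = getenv("USER");
    id->env_user_differs = (e != NULL && strcmp(e, id->name) != 0);
    e = getenv("HOME");
    id->env_home_differs = (e != NULL && strcmp(e, id->home) != 0);
    return 0;
}

int main(void)
{
    struct identity id;

    if (resolve_identity(&id) != 0) {
        fprintf(stderr, "no passwd entry for uid %ld\n", (long)getuid());
        return 1;
    }
    printf("passwd says: user=%s home=%s\n", id.name, id.home);
    if (id.env_user_differs || id.env_home_differs)
        printf("$USER/$HOME disagree with passwd; using passwd values\n");
    return 0;
}
```

Running it after `USER=root HOME=/root` in an unprivileged shell still prints the account's real name and home directory, along with the mismatch notice.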