Date: Wed, 31 Oct 2007 15:09:36 +0000
From: Daniel Bye <freebsd-questions@slightlystrange.org>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: ssh
Message-ID: <20071031150936.GA60294@brick.slightlystrange.org>
In-Reply-To: <62b856460710310723j6d5e0928rf601195caf6a5deb@mail.gmail.com>
References: <62b856460710310231h3bc517cdl20300179ac6f1a39@mail.gmail.com> <d59e90ab0710310530t79fb80c5h39f7e735d148d16a@mail.gmail.com> <62b856460710310620v588222edj620e8519643881a3@mail.gmail.com> <d59e90ab0710310649y2d40a8dbrecdaa1ecd35d1e81@mail.gmail.com> <62b856460710310723j6d5e0928rf601195caf6a5deb@mail.gmail.com>
On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote:
> > Yeah, I misread your problem. Are you saying that you want to su to root,
> > but still have some variables set as they were on the account you sued from?
> > So you have a user named Michael, say, and you su to root, but when you ssh
> > you want Michael's .ssh to be the effective one?
>
> Well sort of. When I su, $HOME is set to my homedir and $USER set to
> mgrant. This is fine. However, ssh (when sued) doesn't read
> $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
> into the remote machine as $USER, it tries to log in as root. It does
> this because it's hardwired in the code more or less as follows (I've
> extracted the relevant code from ssh.c):
>
> original_real_uid = getuid();
> pw = getpwuid(original_real_uid);
> sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
> read_config_file(buf);
> options.user = strdup(pw->pw_name);
>
> Like I said, it seems like a bug to me. Personally I would have done
> a getenv("HOME") and getenv("USER") myself instead of depending on the
> userid. Probably they had good reason for doing it the way they did
> it.
Probably to do with the fact that both $HOME and $USER can be set by the
user to any arbitrary value:
[daniel@torus:~] --->$ echo $USER $HOME
daniel /home/daniel
[daniel@torus:~] --->$ USER=root
[daniel@torus:~] --->$ HOME=/root
[daniel@torus:/home/daniel] --->$ echo $USER $HOME
root /root
[daniel@torus:/home/daniel] --->$ cd
[daniel@torus:~] --->$ pwd
/root
Not so good for security!
Dan
-- 
Daniel Bye
_
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
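
The contrast discussed in this message, as an added C example that is not part of the original e-mail and is not OpenSSH code: it overrides USER and HOME the way the shell session above does, then compares an environment-based lookup with the getuid()/getpwuid() lookup from the quoted ssh.c extract. The struct and function names are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct ident { char user[64]; char home[256]; };

/* Identity as claimed by the environment: any user can set these. */
void ident_from_env(struct ident *id) {
    const char *u = getenv("USER"), *h = getenv("HOME");
    snprintf(id->user, sizeof id->user, "%s", u ? u : "");
    snprintf(id->home, sizeof id->home, "%s", h ? h : "");
}

/* Identity from the real uid via the passwd database, the approach in the
 * quoted ssh.c extract. Returns -1 (fields empty) if the uid has no entry. */
int ident_from_uid(struct ident *id) {
    struct passwd *pw = getpwuid(getuid());
    memset(id, 0, sizeof *id);
    if (pw == NULL)
        return -1;
    snprintf(id->user, sizeof id->user, "%s", pw->pw_name);
    snprintf(id->home, sizeof id->home, "%s", pw->pw_dir);
    return 0;
}

/* Overwrite USER and HOME as in the shell session above, then report:
 * bit 0 set = the env-derived identity now claims root and /root
 * bit 1 set = the uid-derived identity is unchanged by the override */
int spoof_check(void) {
    struct ident before, after, env;
    int rb = ident_from_uid(&before), result = 0;
    setenv("USER", "root", 1);
    setenv("HOME", "/root", 1);
    ident_from_env(&env);
    int ra = ident_from_uid(&after);
    if (strcmp(env.user, "root") == 0 && strcmp(env.home, "/root") == 0)
        result |= 1;
    if (rb == ra && strcmp(before.user, after.user) == 0 &&
        strcmp(before.home, after.home) == 0)
        result |= 2;
    return result;
}

int main(void) {
    printf("spoof_check() = %d (3 = env spoofed, uid lookup unaffected)\n",
           spoof_check());
    return 0;
}
```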
