From owner-freebsd-current Sat Apr 8 14:03:08 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA23402 for current-outgoing; Sat, 8 Apr 1995 14:03:08 -0700 Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA23358 for ; Sat, 8 Apr 1995 14:02:43 -0700 Received: from sax.sax.de by irz301.inf.tu-dresden.de with SMTP (5.67b+/DEC-Ultrix/4.3) id AA19585; Sat, 8 Apr 1995 23:02:01 +0200 Received: by sax.sax.de (8.6.9/8.6.9-s1) with UUCP id XAA15453 for freebsd-current@FreeBSD.org; Sat, 8 Apr 1995 23:02:00 +0200 Received: (from j@localhost) by uriah.heep.sax.de (8.6.11/8.6.9) id WAA00489 for freebsd-current@FreeBSD.org; Sat, 8 Apr 1995 22:11:22 +0200 From: J Wunsch Message-Id: <199504082011.WAA00489@uriah.heep.sax.de> Subject: Re: should su retain ${DISPLAY} To: freebsd-current@FreeBSD.org (FreeBSD-current users) Date: Sat, 8 Apr 1995 22:11:22 +0200 (MET DST) In-Reply-To: <199504081736.TAA10286@gilberto.physik.rwth-aachen.de> from "Christoph Kukulies" at Apr 8, 95 07:36:36 pm Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Length: 926 Sender: current-owner@FreeBSD.org Precedence: bulk As Christoph Kukulies wrote: > > > > > What do people think about an extension to the su(1) command that > > retains the ${DISPLAY} variable even across an ``su -''? > > Excuse my ignorance: What does su - do? I don't see it documented. It looks > like it executes roots dotfiles. I also see $DISPLAY preserved during a > normal 'su'. It does not preserve the normal environment, instead it operates (almost) like a login on the target UID. > When you su to root from a normal user you can't connect to the server (0:0) > anyway (unless you have enabled access before - xhost +). Only if you are using the MIT_MAGIC_COOKIE authentication. Most of our users certainly don't, since they work in a more-or-less trusted environment where host-based authorization is sufficient. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)