From owner-freebsd-current  Sat Apr  8 14:03:08 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id OAA23402
          for current-outgoing; Sat, 8 Apr 1995 14:03:08 -0700
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA23358
          for <freebsd-current@FreeBSD.org>; Sat, 8 Apr 1995 14:02:43 -0700
Received: from sax.sax.de by irz301.inf.tu-dresden.de with SMTP
	(5.67b+/DEC-Ultrix/4.3) id AA19585; Sat, 8 Apr 1995 23:02:01 +0200
Received: by sax.sax.de (8.6.9/8.6.9-s1) with UUCP
	id XAA15453 for freebsd-current@FreeBSD.org; Sat, 8 Apr 1995 23:02:00 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.6.11/8.6.9) id WAA00489 for freebsd-current@FreeBSD.org; Sat, 8 Apr 1995 22:11:22 +0200
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199504082011.WAA00489@uriah.heep.sax.de>
Subject: Re: should su retain ${DISPLAY}
To: freebsd-current@FreeBSD.org (FreeBSD-current users)
Date: Sat, 8 Apr 1995 22:11:22 +0200 (MET DST)
In-Reply-To: <199504081736.TAA10286@gilberto.physik.rwth-aachen.de> from "Christoph Kukulies" at Apr 8, 95 07:36:36 pm
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 926       
Sender: current-owner@FreeBSD.org
Precedence: bulk

As Christoph Kukulies wrote:
> 
> > 
> > What do people think about an extension to the su(1) command that
> > retains the ${DISPLAY} variable even across an ``su -''?
> 
> Excuse my ignorance: What does su - do? I don't see it documented. It looks
> like it executes roots dotfiles.  I also see $DISPLAY preserved during a
> normal 'su'.

It does not preserve the normal environment, instead it operates
(almost) like a login on the target UID.

> When you su to root from a normal user you can't connect to the server (0:0)
> anyway (unless you have enabled access before - xhost +). 

Only if you are using the MIT_MAGIC_COOKIE authentication.  Most of
our users certainly don't, since they work in a more-or-less trusted
environment where host-based authorization is sufficient.
-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)