Starting a shell with sudo works different in openSUSE?

I use sudo -E -s when I need a root shell on machines running either Mac OS, Debian, or a minimal Red Hat system. On all it effectively just upgrades my normal shell session with root privileges as the environment remains the same. In particular all my bash functions and aliases remain available.

Having just started using a machine with openSUSE 12.3 it seems the command behaves differently as the functions and aliases are not retained in the root shell. Having checked the /etc/sudoers file there is nothing different in the one of the openSUSE machine to those other systems beyond the list of environment variables to keep, although this is overruled by the -E switch anyway so is of no consequence.

Can anyone say why openSUSE does not act the same as those other systems, and is there anything I can do to get the behaviour I am expecting?

Thanks

On 2013-06-04 01:46, aperantos wrote:

> Can anyone say why openSUSE does not act the same as those other
> systems, and is there anything I can do to get the behaviour I am
> expecting?

Nope :slight_smile:

It is just different, or the others are different. Whatever you prefer.

In order to get a shell, with the same environment, we do “su”. Or “su -” to get root’s environment,
which is preferable.


Cheers / Saludos,

Carlos E. R.
(from oS 12.3 “Dartmouth” GM (rescate 1))

On 06/04/2013 01:59 AM, Carlos E. R. wrote:
> In order to get a shell, with the same environment, we do “su”. Or
> “su -” to get root’s environment, which is preferable.

+1 it is different. and Carlos is correct (as usual):

su gives root powers with the provoking user’s environment
su - giveS root powers with root’s environment

more, for your reading pleasure:
http://tinyurl.com/593e4c
http://tinyurl.com/ydbwssh
http://tinyurl.com/665h5ek


dd

That’s because “your” bash gets your functions and aliases from files in your home directory and home directory for new bash is by default set to target user. See description of always_set_home:

+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+Defaults env_reset


Just try “sudo -sH” on any other system to get the same result.

Thanks for the replies, but su and su - are not different ways of doing the same thing, they are different commands that do different things. Quite notably they require the root password rather than authenticating with the user one. They also do not provide the behaviour where a full version of the users original environment, with functions and aliases, are available.

Here is a table summarizing the different commands and how they seem to behave on the four different platforms.

Command Platform $USER $HOME $MAIL .bashrc .profile Environment retained
sudo -s Debian root root root N N Based on sudoers
Has aliases and functions
Red Hat, Mac root user user Y N Based on sudoers
Has aliases and functions
openSUSE root root root N N Based on sudoers, resets $HOME
No aliases or functions
sudo -E -s Debian, Red Hat, Mac root user user Y N Full user
openSUSE root root user N N Full user but resets $HOME
No aliases or functions
sudo su Debian root root root N N PS1, alias, functions from .bashrc
though no output from it
Red Hat root root user N N Default but retains PS1
No aliases or functions
Mac root root N N Based on sudoers
No aliases or functions
openSUSE root root root N N Default environment
sudo su - Debian root root root N Y Full user
Has aliases and functions
Red Hat, Mac, openSUSE root root root N N Default environment
sudo bash Debian root root root N N PS1, alias, functions from .bashrc
though no output from it
Red Hat, Mac root user user Y N Based on sudoers
Has aliases and functions
openSUSE root user root Y N Based on sudoers
Has aliases and functions
sudo -E bash Debian, Red Hat,
Mac, openSUSE root user user Y N Full user
Has aliases and functions
su openSUSE user root user N N No aliases or functions
su - openSUSE root root root N N Default environment

**Notes:
**

  • $MAIL is not set on a Mac.
  • .bashrc and .profile columns indicate whether an echo command within those files was displayed
  • root account not enabled on Debian, Red Hat, or Mac machines so su
    cannot be run on its own.

It seems arvidjaar is correct about the problem being the always_set_home option and $HOME being reset. But regardless of whether in /etc/sudoers I use Defaults !always_set_home, remove that line completely, add Defaults env_keep += “HOME”, or even add “HOME” to the default env_keep string $HOME still gets reset when used with sudo -s. Even if I remove the env_reset option so that sudo should makes no changes to the environment at all, it still resets $HOME.

I also note in the online man page (does openSUSE really not provide man by default?) it states that:

Note that HOME is already set when the the env_reset option is enabled, so always_set_home is only effective for configurations where either env_reset is disabled or HOME is present in the env_keep list. This flag is off by default.

That surely implies the setting should not do anything as the default /etc/sudoers file does not meet either of those conditions.

It seems to me it is not different behaviour on openSUSE but simply rather a buggy version of sudo. The only time the $HOME variable is not reset was when running sudo bash, which when used with the -E option is the only command to give the same behaviour across all systems so I guess I will just have to get into the practice of using that.

Thanks for the help as it helped me locate the exact cause of the problem.

sudo is not su

different distros have different ideas on what sudo is allowed and not allowed to do. The sudo behaviors can be changed in Yast.

There is also set_home with is enabled by default in openSUSE build:

--enable-shell-sets-home

if you disable it …

bor@opensuse:~> sudo cat /etc/sudoers
ALL    ALL=(ALL) ALL
Defaults !env_reset
Defaults !set_home
bor@opensuse:~> sudo -s
opensuse:~ # echo $HOME
/home/bor

It can be considered minor bug (documentation claims default is off), so you may consider opening bug report.

On 06/04/2013 02:36 PM, aperantos pecked at the keyboard and wrote:
> Thanks for the replies, but su and su - are not different ways of
> doing the same thing, they are different commands that do different
> things.

[su] and [su -] is the the same command with different options. You
can also pass another option to the command like



su - username   or

su username


in which case you will need to know the passwd of username unless you
are using su from the root account.

Quite notably they require the root password rather than
authenticating with the user one. They also do not provide the
behaviour where a full version of the users original environment, with
functions and aliases, are available.

Yes it does. Log in the system as yourself and issue the command



env


, use su to change to the root id and then issue the command again. You
will be surprised at the number of environment variables that retain the
users settings including the users aliases.

Ken

On 06/04/2013 08:36 PM, aperantos wrote:
>
> Thanks for the replies, but su and su - are not different ways of
> doing the same thing, they are different commands that do different
> things.

no. they are the same command, which with different switches will
not do the same thing. as patiently explained: both give root
permissions and one gives root’s environment.

hint: when you ask a question and get an answer, do more listening
and less instructing.

> I also note in the online man page (does openSUSE really not provide
> man by default?) it states that:

first: of course a default install of openSUSE includes man pages, if
yours does not i think that is evidence you have a broken
install…where did you get your install media, and did you check its
md5sum??

second: if you located an online man page matching the openSUSE
system you have installed, i’d like to know its URL…because most
folks find some generic man somewhere which may, or may not match
the reality of every different distro.

i would suggest you ignore on-line man and consult the openSUSE man,
because (as stated) the different distros are different.

> It seems to me it is not different behaviour on openSUSE but simply
> rather a buggy version of sudo.

no, the behavior (and default setup of sudo) is different.

you came the wrong conclusion because you used a generic,
non-authoritative man, which is wrong for the 12.3 version of
this distro.

but, don’t get too bent out of shape about it, there have been
plenty here before you who were also momentary confused by the
differences…i wish there was comprehensive list off the tiny
differences of the various distros…but, afaik there is not
one…and, if there were it would be a monster to keep up to date!


dd

On 2013-06-04 22:42, dd wrote:
> On 06/04/2013 08:36 PM, aperantos wrote:
>>
>> Thanks for the replies, but su and su - are not different ways of
>> doing the same thing, they are different commands that do different
>> things.
>
> no. they are the same command, which with different switches will not
> do the same thing. as patiently explained: both give root permissions
> and one gives root’s environment.

DD, You are saving me typing what I was going to type :wink:

Absolutely, the same command with different switches.

>> I also note in the online man page (does openSUSE really not provide
>> man by default?) it states that:
>
> first: of course a default install of openSUSE includes man pages, if
> yours does not i think that is evidence you have a broken
> install…where did you get your install media, and did you check its
> md5sum??

Absolutely.

The man pages and the texinfo pages are both included in a default
install. It is possible, though, that some are not included in live
media, and then they would get installed on the first run of yast
package manager or online update after installation.

You can use ‘man’, ‘info’, or ‘pinfo’. KDE can display a man page nicely
if you type “man: page” on the browser, I believe. It is not online, it
is local.

> second: if you located an online man page matching the openSUSE system
> you have installed, i’d like to know its URL…because most folks find
> some generic man somewhere which may, or may not match the reality of
> every different distro.
>
> i would suggest you ignore on-line man and consult the openSUSE man,
> because (as stated) the different distros are different.

Absolutely :slight_smile:

>> It seems to me it is not different behaviour on openSUSE but simply
>> rather a buggy version of sudo.
>
> no, the behavior (and default setup of sudo) is different.
>
> you came the wrong conclusion because you used a generic,
> non-authoritative man, which is wrong for the 12.3 version of this
> distro.

Absolutely.

> but, don’t get too bent out of shape about it, there have been plenty
> here before you who were also momentary confused by the differences…i
> wish there was comprehensive list off the tiny differences of the
> various distros…but, afaik there is not one…and, if there were it
> would be a monster to keep up to date!

Absolutely. :slight_smile:


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Thank you so much! Thankfully just a a documentation error, but I will look into making a bug report to save anyone else running into the same.

I accept in hindsight I badly phrased my post but that type of attitude is completely uncalled for. Obviously I was not claiming su is a different command from itself, but meant that using either su or su - as suggested was not the answer to my question because su is a different command to sudo. Given both the context of the answers I was replying to, my explanation of how the two differed, and that anyone with enough knowledge to even be asking the question would know the difference between a command and an option you could have inferred what I meant.

I guess I will have second thoughts about coming back here for advice in future.

$ md5sum openSUSE-12.3-NET-x86_64.iso 
0ef3c2f301b05f52e9c98cff3f799744  openSUSE-12.3-NET-x86_64.iso

Going to http://download.opensuse.org/distribution/12.3/iso/openSUSE-12.3-NET-x86_64.iso.md5 gives
0ef3c2f301b05f52e9c98cff3f799744 openSUSE-12.3-NET-x86_64.iso

$ sudo find / -xdev -name man -print
/usr/share/man
/usr/local/man

There are man pages, there is no /bin/man hence my surprise and confusion.

On 2013-06-05 01:06, aperantos wrote:
>
> DenverD;2562654 Wrote:
>> hint: when you ask a question and get an answer, do more listening
>> and less instructing.
>
> I accept in hindsight I badly phrased my post but that type of attitude
> is completely uncalled for. Obviously I was not claiming su is a
> different command from itself, but meant that using either su or su - as
> suggested was not the answer to my question because su is a different
> command to sudo. Given both the context of the answers I was replying
> to, my explanation of how the two differed, and that anyone with enough
> knowledge to even be asking the question would know the difference
> between a command and an option you could have inferred what I meant.

Both su and sudo in openSUSE require you to use root’s password - unless
you change the config, which few people do (I do).

> I guess I will have second thoughts about coming back here for advice
> in future.

Why? We are very friendly, despite the appearances. :slight_smile:

> Code:
> --------------------
> $ sudo find / -xdev -name man -print
> /usr/share/man
> /usr/local/man
> --------------------
>
>
> There are man pages, there is no /bin/man hence my surprise and
> confusion.


cer@Telcontar:~> which man
/usr/bin/man
cer@Telcontar:~> l /usr/bin/man
-rwxr-xr-x 2 root root 10704 Oct 29  2011 /usr/bin/man*
cer@Telcontar:~> rpm -qfv /usr/bin/man
man-2.5.2-37.1.2.x86_64
cer@Telcontar:~>
cer@Telcontar:~> rpm -V man
cer@Telcontar:~>

If other distributions choose /bin, that doesn’t mean we have to do the
same :wink:


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

On 2013-06-05 00:46, aperantos wrote:

> Thank you so much! Thankfully just a a documentation error, but I will
> look into making a bug report to save anyone else running into the same.

openSUSE:Submitting bug
reports


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Unfortunately, as the find output I posted shows, I have no /usr/bin/man, nor anything else called man other than the local and share directories for the pages. My install was the server option (no X11) from the installer, incidentally. But as I can install it manually it is not a problem, just rather strange.

Yes, minimal text install does not include man command.

On 2013-06-05 13:26, arvidjaar wrote:
>
> aperantos;2562771 Wrote:
>> I have no /usr/bin/man, nor anything else called man other than the
>> local and share directories for the pages. My install was the server
>> option (no X11) from the installer
>
> Yes, minimal text install does not include man command.

Oh.

And there is not a fully featured text install?


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

On 06/05/2013 11:16 AM, aperantos wrote:
> My install was the server option (no X11) from the installer, incidentally.

first you said it was a default install…

GIGO


dd

That depends on definition of “fully featured”. Although having man pages without possibility to display them looks weird indeed (Mandriva offered possibility to omit all documentation including man pages for truly minimal install IIRC).

Define “default”.