su vs su – (on Debian): why is PATH the same?

by

I know what should be the difference between su and su -, but in my system (Debian) for example PATH is the same:

[root]# su
[root]# echo $PATH
/user_path/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[root]# exit
[root]$ su -
[<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1e6c71716a5e7a7b7c777f70">[email protected]</a> ~]# echo $PATH
/user_path/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

So I’m starting to think that the settings can be changed in configuration files.

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

For configuring the su PATH, have a look at /etc/login.defs:

ENV_SUPATH      PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH        PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

There are also a number of other places PATH can be changed, including:

  • /etc/environment
  • /etc/bash.bashrc
  • /etc/profile
  • /etc/profile.d/*
  • ~/.bashrc
  • ~/.bash_profile

Without anything special in per-user settings, su seems to be getting its PATH from /etc/environment and su - seems to be getting its environment from /etc/login.defs ENV_SUPATH.

So on your system, my guess is that you have the same PATH value in /etc/login.defs as in /etc/environment, or you have some extra configuration in /etc/profile.d, /etc/bash.bashrc, or some rc file in /home/someuser.

Method 2

Parameter - means starting environment which is almost the same as with login environment for that user.

Without - environment is same as original user’s environment.

For example PATH is usually same for root and normal users. In some systems there is no sbin folders for normal users. You can’t disable - from su easily. Of course you can go to edit the source code.

You can try this by running

export FOO=bar
su # enter your password
echo $FOO
logout
su - # enter your password again
echo $FOO

In first time echo $FOO prints “bar” and in second time it’s empty.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x