Re: ssh
- From: Daniel Bye <freebsd-questions@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 15:09:36 +0000
On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote:
>> Yeah, I misread your problem. Are you saying that you want to su to root,
>> but still have some variables set as they were on the account you sued from?
>> So you have a user named Michael, say, and you su to root, but when you ssh
>> you want Michael's .ssh to be the effective one?
>
> Well sort of. When I su, $HOME is set to my homedir and $USER set to
> mgrant. This is fine. However, ssh (when sued) doesn't read
> $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
> into the remote machine as $USER, it tries to log in as root. It does
> this because it's hardwired in the code more or less as follows (I've
> extracted the relevant code from ssh.c):
>
>     original_real_uid = getuid();
>     pw = getpwuid(original_real_uid);
>     sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
>     read_config_file(buf);
>     options.user = strdup(pw->pw_name);
>
> Like I said, it seems like a bug to me. Personally I would have done
> a getenv("HOME") and getenv("USER") myself instead of depending on the
> userid. Probably they had good reason for doing it the way they did
> it.

Probably to do with the fact that both $HOME and $USER can be set by the
user to any arbitrary value:

[daniel@torus:~] --->$ echo $USER $HOME
daniel /home/daniel
[daniel@torus:~] --->$ USER=root
[daniel@torus:~] --->$ HOME=/root
[daniel@torus:/home/daniel] --->$ echo $USER $HOME
root /root
[daniel@torus:/home/daniel] --->$ cd
[daniel@torus:~] --->$ pwd
/root

Not so good for security!

Dan

--
Daniel Bye
                                          _
                   ASCII ribbon campaign ( )
              - against HTML, vCards and  X
     - proprietary attachments in e-mail / \
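
Added example, not part of the original message and not OpenSSH code: it resolves the user name and home directory from the real uid, the same lookup the quoted ssh.c excerpt performs, and compares the result with the caller-controlled $USER and $HOME. The names `ident`, `ident_from_passwd` and `env_disagrees` are hypothetical.

```c
/* Identity from the passwd database vs. identity claimed by the environment. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct ident { char user[64]; char home[256]; };

/* Same lookup as the quoted excerpt: key everything off the real uid.
 * Returns 0 on success, -1 if the uid has no passwd entry. */
int ident_from_passwd(struct ident *id)
{
    struct passwd *pw = getpwuid(getuid());
    id->user[0] = id->home[0] = '\0';
    if (pw == NULL)
        return -1;
    snprintf(id->user, sizeof id->user, "%s", pw->pw_name);
    snprintf(id->home, sizeof id->home, "%s", pw->pw_dir);
    return 0;
}

/* Returns 1 if the supplied USER/HOME values are missing or differ from
 * the passwd entry, 0 if both agree with it. */
int env_disagrees(const struct ident *id, const char *env_user, const char *env_home)
{
    if (env_user == NULL || env_home == NULL)
        return 1;
    return strcmp(env_user, id->user) != 0 || strcmp(env_home, id->home) != 0;
}

int main(void)
{
    struct ident id;
    if (ident_from_passwd(&id) != 0) {
        fprintf(stderr, "no passwd entry for uid %lu\n", (unsigned long)getuid());
        return 1;
    }
    /* getenv() returns whatever the invoking user exported, true or not. */
    const char *u = getenv("USER"), *h = getenv("HOME");
    printf("passwd: user=%s home=%s\n", id.user, id.home);
    printf("env:    user=%s home=%s\n", u ? u : "(unset)", h ? h : "(unset)");
    if (env_disagrees(&id, u, h))
        printf("environment disagrees with the passwd entry; not trusting it\n");
    return 0;
}
```

Running the binary with USER and HOME overridden on the command line, as in the session above, changes only the `env:` line; the `passwd:` line stays tied to the real uid.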