Debian and su

At work our migration from Ubuntu to Debian is progressing well, but various paper cut issues have risen.

One such bleeder is the change in behavior with the su command.

On most Linux systems, executing su - creates a new login environment and retains certain environment variables such as DISPLAY, XAUTHORITY, and desktop related variables. With Debian 10 this no longer is the case.

After years of memory muscle imprinting I find this new behavior challenging to adjust. I don’t care for any anal security lectures. I have no complaint about the fundamental change, but the behavior should be configurable by users and not hard-coded.

Another different behavior I discovered is as root when executing su - some_user_name, there was a prompt to provide the user’s password. That is an odd request for the root account. A little digging seemed to indicate that using su in that manner is discouraged and instead the runuser command should be used.

Actually the root cause was self-inflicted. In my testing I inadvertently deleted /etc/pam.d/su-l. Restoring the file restored the expected su - some_user_namebehavior with no password prompt. Specifically, losing the auth include su directive causes the described behavior.

Posted: Category: Usability Tagged: Debian

Next: Meld

Previous: Launching Scripts in a Terminal Window