Debian and su
At work our migration from Ubuntu to Debian is progressing well, but various paper cut issues have risen.
One such bleeder is the change in behavior with the
On most Linux systems, executing
su - creates a new login environment and retains certain environment variables such as DISPLAY, XAUTHORITY, and desktop related variables. With Debian 10 this no longer is the case.
After years of memory muscle imprinting I find this new behavior challenging to adjust. I don’t care for any anal security lectures. I have no complaint about the fundamental change, but the behavior should be configurable by users and not hard-coded.
Another different behavior I discovered is as root when executing
su - some_user_name, there was a prompt to provide the user’s password. That is an odd request for the root account. A little digging seemed to indicate that using su in that manner is discouraged and instead the
runuser command should be used.
Actually the root cause was self-inflicted. In my testing I inadvertently deleted
/etc/pam.d/su-l. Restoring the file restored the expected
su - some_user_namebehavior with no password prompt. Specifically, losing the
auth include su directive causes the described behavior.