Path: utzoo!utgpu!water!watmath!clyde!rutgers!uwvax!umn-d-ub!umn-cs!ems!pwcs!elric!root
From: root@elric.UUCP (root)
Newsgroups: comp.unix.xenix
Subject: Re: Some questions.
Summary: Your PATH is *supposed* to be limited for security purposes!
Message-ID: <397@elric.UUCP>
Date: 24 Jan 88 20:57:27 GMT
References: <1071@bc-cis.UUCP>
Organization: Unisys Inc., Eagan,MN
Lines: 32
Posted: Sun Jan 24 14:57:27 1988

In article <1071@bc-cis.UUCP>, raanan@bc-cis.UUCP (Raanan Herrmann) writes:
> Here are some questions I have about Xenix 286 (we have Ver 2.1.3
> [two other questions]
> 3. When I log-in as root or become Super-User through `su`, the
> PATH variable contains "/etc:/bin:/usr/bin". Where is the .profile
> for root? How do I make the PATH to contain also "." (current directory)
> after login?

Raanan,

Whenever one (you or anyone else (:-)) logs in as root, either directly or
through the "switch-user" (su) mechanism, the PATH variable is deliberately
set to a limited set of directories for security purposes. This is because
root is such a powerful login (like the queen in chess!). If you really want
to set your PATH variable to something more expansive than just the
"standard 3", you may diddle with /.profile (when you log in as root), or do a
". /.profile" or some such equivalent thing to set your PATH when you log in
with "su".

But, imagine the following scenario: You log in as root and have your PATH set
to "/etc/:/bin:/usr/bin:.:/usr/ubin". You then change directory to a naughty
user's directory, say /usr/abc, and then innocently execute the command
"compress", which you think is stored in /usr/ubin. Well, suppose the naughty
user has a program called compress in his own directory? In that case you
execute *his* compress, which does who-knows-what instead of the one in
/usr/ubin. His compress could give user "abc" root permissions, for example.
So one must be careful with what is one's PATH when root, and esp. the
ordering.

In order to execute a current directory entry, simply type "./file".

Hope this helps,
--
Derek Terveer    root@elric.UUCP    ..!clyde!lily!elric!root
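
The scenario in the post above depends on root's PATH containing an entry that resolves against the current directory. The following check is an added example, not part of the original post: the function name `audit_path` is hypothetical, and it goes slightly beyond the "." case by also flagging empty entries (which the shell searches as the current directory) and world-writable directories.

```shell
#!/bin/sh
# Added example (not from the original post): flag PATH entries that let a
# directory's owner, or any user, supply the program that root ends up running.

# audit_path PATHSTRING
# Prints one line per risky entry; returns 0 if none were found, 1 otherwise.
audit_path() {
    rest="$1:"          # trailing ":" so the loop also sees a final empty entry
    position=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            "")
                # The shell treats an empty entry ("::", leading or trailing
                # ":") exactly like ".".
                echo "entry $position: empty entry, searched as the current directory"
                found=1 ;;
            /*)
                # Absolute path: still risky if any user may create files in it.
                mode=$(ls -ldL "$entry" 2>/dev/null) || mode=
                case $mode in
                    d???????w*)
                        echo "entry $position: $entry is world-writable"
                        found=1 ;;
                esac ;;
            *)
                # ".", "bin", "../tools": resolved against wherever root has cd'ed to.
                echo "entry $position: '$entry' is relative to the current directory"
                found=1 ;;
        esac
    done
    return $found
}

# Audit the PATH of the current shell.
audit_path "$PATH" || true
```

The entry number in each finding is its search position, so a low number means the risky directory is consulted before the system directories that follow it.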