It is expected to have util-linux su on gnu/linux system. For some reason an inferior su implementation is provided by shadow package instead. Reproducible: Always 1. More than half of the flags are not supported: -f, -g, -G, -P, -w, and -V 2. Does not allow to login with high limits. But it does allow when run with strace, making it hard to debug.
The ebuilds could be fixed with USE="shadow-su" set (by the default?) for musl and others if they need it.
Created attachment 596036 [details] sys-apps/shadow-4.6-r1.ebuild with 'su' use flag
Created attachment 596038 [details] sys-apps/util-linux-2.33.2-r1.ebuild with 'su' use flag
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c4a8ad9c4fc913b0fc0b2530d9d03ded040852 commit 30c4a8ad9c4fc913b0fc0b2530d9d03ded040852 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-11-19 10:36:19 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-11-19 10:37:04 +0000 sys-apps/shadow: Introduced "su" USE flag Moved passwd from /usr/bin to /bin (again) as it breaks at least one package that has passwd path hardcoded (net-misc/scponly) Thanks-to: fling <fling@member.fsf.org> Bug: https://bugs.gentoo.org/699930 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-apps/shadow/files/shadow-4.7-optional_su.patch | 130 ++++++++++++ sys-apps/shadow/metadata.xml | 3 + sys-apps/shadow/shadow-4.7-r2.ebuild | 234 +++++++++++++++++++++ 3 files changed, 367 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd7f284c1cbc22e582e72528318da31d59571ea7 commit fd7f284c1cbc22e582e72528318da31d59571ea7 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-11-19 08:42:52 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-11-19 10:37:03 +0000 sys-apps/util-linux: Introduced "logger" and "su" USE flags Thanks-to: fling <fling@member.fsf.org> Bug: https://bugs.gentoo.org/699930 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-apps/util-linux/metadata.xml | 2 ++ sys-apps/util-linux/util-linux-9999.ebuild | 12 +++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-)
Please also have a look at bug #622666. Thanks.
We actually migrated a little while ago.
We now default to util-linux[su].
Caveat emptor! This is *no drop-in replacement*, the respected options and behavior of the commands are *different*. The one from util-linux *don't* pass the whole environment in login mode but will strip it down to a few variables. One have to use the option -w (or --whitelist) to pass others. In the other hand, the one from shadow isn't aware of this options and will fail. In addition, it don't support a version option like -V. Therefore it's very unhandy to write a robust scripts supporting both versions of su.
(In reply to Guido Jäkel from comment #8) Both variants of su are out in the wild, so a "robust" script would need to account for them anyway. Also, util-linux provides better alternatives in "runuser" and "setpriv".
