For some reason su in shadow package strips useful environment varialbes in sanitize_env() (e.g. HOME, SHELL). This breaks documented behavior of su itself: man su states: -s, --shell SHELL The shell that will be invoked. The invoked shell is chosen from (highest priority first): ? The shell specified with --shell. ? If --preserve-environment is used, the shell specified by the $SHELL environment variable. ? The shell indicated in the /etc/passwd entry for the target user. ? /bin/sh if a shell could not be found by any above method. But since libmisc/env.c:sanitize_env (); is called at the very beginning of su, SHELL env gets stripped out and its value will never be used. This was reported upstream here: https://alioth.debian.org/tracker/index.php?func=detail&aid=312287&group_id=30580&atid=411478 ) Also by dropping HOME it impossible to use ejabberdctl (part of ejabberdctl). ejabberdctl does: EXEC="su - jabber -p -c" $EXEC some command and some command is erlang runtime which abort in case HOME is not set. Actuall error I see is: "erlexec: HOME must be set" The following patch in debian fixes both issue: http://patch-tracker.debian.org/patch/series/view/shadow/1:4.1.4.2-1/008_su_no_sanitize_env Please commit or give me ok to commit and I'll do together with ejabberd version bump. Just for recored fixed ebuild was pushed into my overlay here: http://overlays.gentoo.org/svn/dev/pva/sys-apps/shadow
And now patch was applied upstream: https://alioth.debian.org/scm/browser.php?group_id=30580
feel free to add the upstream commits
Thanks. Added to the tree. Upstream's patch is a bit different: the remove code instead of commented it out. But since this is one-liner and all references are in place I don't think this makes any difference.