setpriv: follow /etc/login.defs for PATH

The patch also cleans up the --reset-env description in the man page.

Fixes: https://github.com/util-linux/util-linux/issues/3560
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/meson.build b/meson.build
index 441dab8a233565e9f857e7d050aa8ba2c9ff7e47..e225454d708d067b9ca28f4434af22b2bea3320b 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -2175,7 +2175,7 @@ exe = executable(
   'setpriv',
   setpriv_sources,
   include_directories : includes,
-  link_with : [lib_common],
+  link_with : [lib_common, logindefs_c],
   dependencies : [lib_cap_ng],
   install_dir : usrbin_exec_dir,
   install : opt,

diff --git a/sys-utils/Makemodule.am b/sys-utils/Makemodule.am
index 1055312db4b4576d13a4a66c26dc38cfef6c1dd9..e6c3f85ac4d9a6852ae9f679e4b6154251c977f8 100644 (file)
--- a/sys-utils/Makemodule.am
+++ b/sys-utils/Makemodule.am
@@ -592,7 +592,8 @@ usrbin_exec_PROGRAMS += setpriv
 MANPAGES += sys-utils/setpriv.1
 dist_noinst_DATA += sys-utils/setpriv.1.adoc
 setpriv_SOURCES = sys-utils/setpriv.c \
-                 lib/caputils.c
+                 lib/caputils.c \
+                 lib/logindefs.c
 dist_noinst_HEADERS += sys-utils/setpriv-landlock.h
 if HAVE_LINUX_LANDLOCK_H
 setpriv_SOURCES += sys-utils/setpriv-landlock.c

diff --git a/sys-utils/setpriv.1.adoc b/sys-utils/setpriv.1.adoc
index 66a087b87c887b9708065ebf7d698ae394084e5b..a5b30159badb808f52c8007f40deaa0f6e7d7df2 100644 (file)
--- a/sys-utils/setpriv.1.adoc
+++ b/sys-utils/setpriv.1.adoc
@@ -121,9 +121,12 @@ Load raw BPF seccomp filter code from a file.
 Filters can for example be created with *enosys*.
 
 *--reset-env*::
-Clears all the environment variables except *TERM*; initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME* according to the user's passwd entry; sets *PATH* to _/usr/local/bin:/bin:/usr/bin_ for a regular user and to _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_ for root.
+* clears all the environment variables except *TERM* environment variable
+* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME* according to the user's passwd entry
+* the environment variable *SHELL* defaults to */bin/sh* if none is given in the user's passwd entry.
+* resets *PATH* senvironment variable according to setting in _/etc/login.defs_ (*ENV_PATH*, *ENV_SUPATH* or *ENV_ROOTPATH* variables), or defaults to _/usr/local/bin:/bin:/usr/bin_ for a regular user and to _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_ for root.
 +
-The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_. The environment variable *SHELL* defaults to */bin/sh* if none is given in the user's passwd entry.
+The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_.
 
 include::man-common/help-version.adoc[]
 

diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index 433db603163b045a8c9af28ce248ccdc2fe6dc43..2fcf78add6ea38a25232c3aaf29f6a57443bebfe 100644 (file)
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -46,6 +46,8 @@
 #include "setpriv-landlock.h"
 #include "seccomp.h"
 
+#include "logindefs.h"
+
 #ifndef PR_SET_NO_NEW_PRIVS
 # define PR_SET_NO_NEW_PRIVS 38
 #endif
@@ -744,10 +746,7 @@ static void do_reset_environ(struct passwd *pw)
        xsetenv("USER", pw->pw_name, 1);
        xsetenv("LOGNAME", pw->pw_name, 1);
 
-       if (pw->pw_uid)
-               xsetenv("PATH", _PATH_DEFPATH, 1);
-       else
-               xsetenv("PATH", _PATH_DEFPATH_ROOT, 1);
+       logindefs_setenv_path(pw->pw_uid);
 }
 
 static uid_t get_user(const char *s, const char *err)