$PATH is taken from login.defs not /etc/environment

I pushed a slightly modified version of this to https://github.com/shadow-maint/shadow/pull/119

Fwiw, I looked at the code of "su.c" from util-linux (because debian/ubuntu may switch to it, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833256) and it looks like the bug is not present there. The su-common.c:modify_environment() code will first setenv_path() from login.defs and then do the supam_export_environment() which will override the existing PATH if /etc/environment also defines it.

This is now fixed upstream: https://github.com/shadow-maint/shadow/pull/119 - so the next shadow release should have it. This makes me also wonder if we should simply cherry pick it for disco.

@mvo I'm ok with the cherry-pick since I'd like to move over the complete login binary package to util-linux in Debian before merging shadox + util-linux to disco. If you have already tested the cherry-picked version please go ahead otherwise i put it on my TODO list for the next weeks.

This is "fixed" in disco - the "su" binary does no longer comes from "shadow" here but from util-linux. And there this bug does not exist.

Hello James, or anyone else affected,

Accepted shadow into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shadow/1:4.5-1ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello James, or anyone else affected,

Accepted shadow into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shadow/1:4.2-3.1ubuntu5.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

SRU validated, no issues found. Logs:
xenial: https://paste.ubuntu.com/p/9jdjdQns7t/
bionic: https://paste.ubuntu.com/p/P6CZ5WnmmB/

This bug was fixed in the package shadow - 1:4.5-1ubuntu2

---------------
shadow (1:4.5-1ubuntu2) bionic; urgency=medium

  * debian/patches/1013_extrausers_deluser.patch
    - add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling.
    - fix "su -l" to correctly use pam_getenvlist (LP: #984390)

 -- Michael Vogt <email address hidden> Fri, 22 Mar 2019 20:05:38 +0100

The verification of the Stable Release Update for shadow has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package shadow - 1:4.2-3.1ubuntu5.4

---------------
shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium

  * patches/1012_extrausers_chfn.patch:
    - add --extrausers option to "chfn" (LP: #1495580)
  * debian/patches/1013_extrausers_deluser.patch:
    - add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling:
    - fix "su -l" to correctly use pam_getenvlist (LP: #984390)

 -- Michael Vogt <email address hidden> Fri, 22 Mar 2019 20:22:06 +0100