If you want to run a command as the substitute user without starting an interactive shell, use the -c, -command option. When the - option is used, -p is ignored. To preserve the entire environment ( HOME, SHELL, USER, and LOGNAME) of the calling user, invoke the command with the -p, -preserve-environment option. For example, to switch to root and to run the zsh shell, you would type: su -s /usr/bin/zsh If you want to run another shell instead of the one defined in the passwd file, use the -s, -shell option. This makes the shell a login shell with an environment very similar to a real login and changes the current directory The most commonly used option when invoking su is - ( -l, -login). The command will print the name of the user running the current shell session: root To confirm that the user is changed, use the whoami command: whoami The session shell ( SHELL) and home ( HOME) environment variablesĪre set from substitute user’s /etc/passwdĮntry, and the current directory is not changed. You will be prompted to enter the root password, and if authenticated, the user running the command temporarily becomes root. In my systems you always have to use sudo cause of the added benefits.When invoked without any option, the default behavior of su is to run an interactive shell as root: su Personally I NEVER run su - and my pam policy prohibits it, allowing no one to run it. That is becoming root but keep in mind that su and sudo are completely different and provide you with different tools as a system admin. When you do su - or sudo -i you do the same thing. Sudo also provides other benefits likes restricting the set of program a user can run, logs commands run under sudo and other things. This allows you to accomplish administrative task and then drop privileges immediately helping you avoid dangerous conditions. The next command you ran will be run like a normal user (unless you append the sudo command in the beginning). This command will erase the file because sudo will elevate you to root every time you use the sudo command before another command. The key element in sudo is it's ability to to run "one" command as root and then drop privileges to normal user.Įxample: Remove a file owned by root. Sudo has some characteristics that su does not. Also when you do su - everything you do is done as root and is dangerous to have that much power. no masters to rule us, no gods to fool us. Another difference which is applicable to Ubuntu and maybe Arch, is that 'su'ing to root you are asked for the root password, while using 'sudo' you are asked for your password, not the 'root' one. However there was always the need to separate privileges and leave some auditing info behind. Anyway, as an alternative to 'su', you could use 'sudo -i'. Su used to be the de facto way of becoming root on Linux systems. Long answer: sudo and su - are different programs that accomplish the same task, that is elevating you to root privileges. Sudo -i maintains the extra environment variables set by SUDO. If you diff those two straces, you'll see more exeve's being run for sudo su. Running su without specifying a username inside sudo changes the current user to root twice.Īnother way to investigate this is by running both commands with strace -f. Your first 'sudo' is already elevating your access level to root. Note that they are starting from the same bash process pid, 4482, but that su - seems to spawn another step.) You can see the extra processes by looking at 'ps auxf' (f gives you a forest view) They may provide functionally close to the same thing, but it seems 'sudo -i' is lighter weight and keeps some handy back references in your environment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |