Why use "su -" rather than "su"
Tony Nelson
tonynelson at georgeanelson.com
Sat Jul 16 17:14:39 UTC 2005
At 1:27 PM +0100 7/16/05, Timothy Murphy wrote:
>John Bray wrote:
>
>> and in any case, no matter if it is to root or another user, the -
>> guarantees you've picked up that user's entire environment. again, it's
>> the key to having consistent behavior when you are being that user, root
>> or otherwise.
>
>Could you give an example where the difference matters?
>(I usually say "su -" but I'm not really sure why.
>When I forget it never seems to cause any problem.)
The user you su from has put . in the path. A bad guy (maybe the
mischievous user) put a file named ls in the current directory. You do su.
You type ls. Something happens.
The path settings are different, so you may need to remember where commands
are stored. su - lets you "be" root without being distracted by extra
details that aren't relevent to the normal danger of being root. You make
an unnecessary mistake, such as typing rm -rf / usr/bin/foo.
None of this matters if you have faith in the user and faith that there
can't be any malware on your system.
____________________________________________________________________
TonyN.:' <mailto:tonynelson at georgeanelson.com>
' <http://www.georgeanelson.com/>
More information about the fedora-list
mailing list