Why use "su -" rather than "su"
Mike McCarty
mike.mccarty at sbcglobal.net
Tue Jul 19 00:51:29 UTC 2005
Tony Nelson wrote:
>At 1:27 PM +0100 7/16/05, Timothy Murphy wrote:
>
>
>>John Bray wrote:
>>
>>
>>
>>>and in any case, no matter if it is to root or another user, the -
>>>guarantees you've picked up that user's entire environment. again, it's
>>>the key to having consistent behavior when you are being that user, root
>>>or otherwise.
>>>
>>>
>>Could you give an example where the difference matters?
>>(I usually say "su -" but I'm not really sure why.
>>When I forget it never seems to cause any problem.)
>>
>>
>
>The user you su from has put . in the path. A bad guy (maybe the
>
>
I never put . in my path. Ever. I've been using *NIX systems for 10 years or
so, and never did that.
>mischievous user) put a file named ls in the current directory. You do su.
>
>
There are only three users on my system which can actually log in. No remote
logins are permitted. My machine is behind a router with a firewall.
>You type ls. Something happens.
>
>
Yes. I get a listing of the files. Not the lame aliased ls Fedora set up
as default
for root.
>The path settings are different, so you may need to remember where commands
>are stored. su - lets you "be" root without being distracted by extra
>details that aren't relevent to the normal danger of being root. You make
>an unnecessary mistake, such as typing rm -rf / usr/bin/foo.
>
>
Yes, it's nice that. It's good for root to have a little extra help not
making mistakes.
>None of this matters if you have faith in the user and faith that there
>can't be any malware on your system.
>
>
Well, I'd say it's unlikely. The last time someone other than me logged
on to my
machine was last February.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
More information about the fedora-list
mailing list