Why use "su -" rather than "su"

[Mike McCarty]

Tony Nelson wrote:

>At 1:27 PM +0100 7/16/05, Timothy Murphy wrote:
>  
>
>>John Bray wrote:
>>
>>    
>>
>>>and in any case, no matter if it is to root or another user, the -
>>>guarantees you've picked up that user's entire environment.  again, it's
>>>the key to having consistent behavior when you are being that user, root
>>>or otherwise.
>>>      
>>>
>>Could you give an example where the difference matters?
>>(I usually say "su -" but I'm not really sure why.
>>When I forget it never seems to cause any problem.)
>>    
>>
>
>The user you su from has put . in the path.  A bad guy (maybe the
>  
>
I never put . in my path. Ever. I've been using *NIX systems for 10 years or
so, and never did that.

>mischievous user) put a file named ls in the current directory.  You do su.
>  
>
There are only three users on my system which can actually log in. No remote
logins are permitted. My machine is behind a router with a firewall.

>You type ls.  Something happens.
>  
>
Yes. I get a listing of the files. Not the lame aliased ls Fedora set up 
as default
for root.

>The path settings are different, so you may need to remember where commands
>are stored.  su - lets you "be" root without being distracted by extra
>details that aren't relevent to the normal danger of being root.  You make
>an unnecessary mistake, such as typing rm -rf / usr/bin/foo.
>  
>
Yes, it's nice that. It's good for root to have a little extra help not 
making mistakes.

>None of this matters if you have faith in the user and faith that there
>can't be any malware on your system.
>  
>
Well, I'd say it's unlikely. The last time someone other than me logged 
on to my
machine was last February.

Mike

-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!