Shell confusion

Craig White craigwhite at azapple.com
Fri Mar 13 15:43:49 UTC 2009 

On Fri, 2009-03-13 at 15:09 +0000, Dave Bolt IT Solutions wrote:
> Thanks for the explanation of the use of - in the su command.
> I checked the man pages for su, (why did you put su(1)), and found the 
> following
> comment about a login shell,
> -, -l, --login
>     make the shell a login shell
> which did not lead me to understand that a user's login script would have 
> been run. (Doesn't seem to make
> any difference in this case anyway).
> Regards
> Dave
> 
> ----- Original Message ----- 
> From: "Garry T. Williams" <gtwilliams at gmail.com>
> >
> > Check the manual page for su(1).
> >
> > If you had entered `su - amandabackup', that user's login scripts
> > would have been run.
> >
> > In general, using su without its `-' parameter is a bad idea[*]
> > especially when switching to the root login.
> >
----
I've been watching this thread because others are much more shell
knowledgeable than I but my understanding of bash usage of the 'su'
command is...

[craig at aspire-one X11]$ su - gedit xorg.conf
su: user gedit does not exist
# this doesn't work because it expects the next argument to be the
actual user

[craig at aspire-one X11]$ su - -c 'xorg.conf'
Password:
-bash: xorg.conf: command not found
# this passes the -c argument (execute command), getting closer but
still a failure because the system didn't understand what I wanted.

[craig at aspire-one X11]$ su - -c 'gedit xorg.conf'
Password:
# this was really close but even though my current directory
was /etc/X11, the file xorg.conf was empty and had I saved my edits, it
would have saved them in /root because when executing the 'su -' portion
of the argument, it loaded root's environment which caused it to switch
the current path to /root

[craig at aspire-one X11]$ su - -c 'gedit /etc/X11/xorg.conf'
Password:
# this clearly works as it specifically calls the editor and the exact
file to edit.

[craig at aspire-one X11]$ su -c 'gedit xorg.conf'
Password:
# this sort of works but it does toss the following error which I can
seemingly ignore...I don't recommend this but it doesn't load the normal
root environment which moves me back to /root.
Failed to get connection to session: Did not receive a reply. Possible
causes include: the remote application did not send a reply, the message
bus security policy blocked the reply, the reply timeout expired, or the
network connection was broken.)

I would probably suggest that you get used to a terminal based editor
rather than a GUI editor (something like vi or emacs) and you could just
'su -' and become root and not have to deal with various security issues
of running gtk as root but even so, the usage of '-c' option with the su
command gives you the ability to become superuser for just one process,
much like the sudo command (and sometimes sudo is easier but you have to
edit /etc/sudoers to allow yourself to sudo).

Craig

More information about the fedora-list mailing list