Why use "su -" rather than "su"
mike.mccarty at sbcglobal.net
Tue Jul 19 00:51:29 UTC 2005
Tony Nelson wrote:
>At 1:27 PM +0100 7/16/05, Timothy Murphy wrote:
>>John Bray wrote:
>>>and in any case, no matter if it is to root or another user, the -
>>>guarantees you've picked up that user's entire environment. again, it's
>>>the key to having consistent behavior when you are being that user, root
>>Could you give an example where the difference matters?
>>(I usually say "su -" but I'm not really sure why.
>>When I forget it never seems to cause any problem.)
>The user you su from has put . in the path. A bad guy (maybe the
I never put . in my path. Ever. I've been using *NIX systems for 10 years or
so, and never did that.
>mischievous user) put a file named ls in the current directory. You do su.
There are only three users on my system which can actually log in. No remote
logins are permitted. My machine is behind a router with a firewall.
>You type ls. Something happens.
Yes. I get a listing of the files. Not the lame aliased ls Fedora set up
>The path settings are different, so you may need to remember where commands
>are stored. su - lets you "be" root without being distracted by extra
>details that aren't relevent to the normal danger of being root. You make
>an unnecessary mistake, such as typing rm -rf / usr/bin/foo.
Yes, it's nice that. It's good for root to have a little extra help not
>None of this matters if you have faith in the user and faith that there
>can't be any malware on your system.
Well, I'd say it's unlikely. The last time someone other than me logged
on to my
machine was last February.
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
More information about the users