On Tue, Aug 17, 2010 at 10:55:39AM +0100, Ted Harding wrote:
On 17-Aug-10 09:39:48, Tim Green wrote:
On 17 August 2010 10:00, Brett Parker iDunno@sommitrealweird.co.uk wrote:
On 16 Aug 20:43, Chris G wrote:
On Mon, Aug 16, 2010 at 06:45:55PM +0100, Tim Green wrote:
On 16 August 2010 17:34, Chris G cl@isbd.net wrote:
I tend to use 'sudo -s' when I want to do a series of things as root, it generally works fine but I have just noticed a minor issue. _It doesn't set a proper root environment so that you still have the environment of the user who sudo'ed to root - in particular there is the PATH which may have all sorts of oddities on it and HOME is still set to your home directory.
sudo -i
Which fires off a login shell as the user you're sudoing to, so, for instance, I tend to use: _ _sudo -u <someotheruser> -i
At which point I'm running their login shell, I am them, and I have the environment setup as them. Works, is much cleaner than wrapping a privelege escalation tool in a privilege escalation tool, and gives the correct results.
Thanks, Brett. The answer is, of course, in "man sudo" amongst the 18 or so other options. Tim.
I've been quietly watching this one, with slight puzzlement! If I'm logged in as (say) "ted", and in that login I do
su -
and at the prompt enter the root password, then I'm fully logged in as "root", environment and all. Ctrl+D to log out, of course, and back to being "ted".
Similar of course to switch to any other user, e.g. "guest":
su - guest
So what's all the fuss about?
That only works if you *have* a root password set up. Many distributions don't and expect all 'root' operations to be done by a user with sudo/root privileges rather than actually as root.
You can argue all day as to which is the best approach. Using sudo and not have a real root has the advantage that you don't have to remember another password and there is a trace of who broke things (I never do of course!).
On the other hand having a real root gives the extra security of needing to know the root password as well as the user's password. (Assuming root isn't allowed to ssh and you're worried about attacks that way)