Admin rights su, su -, su - -c, and sudo

Every day solutions to every day challenges. + Brilliant stuff

Moderators: b1o, jkerr82508

Forum rules
Please feel free to post your tip it does not have to be advanced. Also ask questions directly related to the tip here. But do not start new threads with questions or ask for help here. That is what the help section is for. forum rules: http://bjoernvold.com/forum/viewtopic.php?f=8&t=568
Post Reply
User avatar
viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Admin rights su, su -, su - -c, and sudo

Postby viking60 » 02 Jul 2015, 09:35

Even if you are the administrator of your system you do surf the net and do non admin stuff; stuff that is safer to do without admin rights.

It is best to do most of your work as regular user and use su or sudo to do the root stuff.
It is a bit like Clark Kent and Superman - when needed you put on your cape and fly.

There is a difference in the rights you get depending on you go about this.
To become root many simply type

Code: Select all

su
and enter the password.
This changes your user and group ID, but not much else. You must run exit, or use [Ctrl]+d to return to normal user status.

Code: Select all

su -
(or su -l)
acts as if you logged in as the root user. This is better than running with no options. To logout type exit or [Ctrl]+d
The important part is to log out again and become "Clark Kent" for everyday tasks.

To simply run a command as root and jump right back to normal status you can use the -c switch:

Code: Select all

su - -c iftop

This saves you the "hassle" of logging out. This is the best way of using admin rights; you become Superman, save the world and go right back to the Daily Planet as Clark Kent.
If you want to run a command with spaces in it then you need to use quote marks like this:

Code: Select all

su - -c "ip addr"

Image
    All of the methods above are considered safer than using sudo by some but sudo offers some advantages.
    Fewer passwords to remember (Keep it Simple, Slick!)
    sudo logs commands run and the users who use (or attempt to use) sudo
    sudo eliminates root account, meaning attackers must figure out which users are admins
    sudo allows you to control who can run which commands, and from which systems
    sudo offers a five-minute timeout (by default), so you can run further sudo commands without re-entering your password. After five minutes, though, you return back to normal privileges and must enter your password again

Code: Select all

sudo -i
will open a root shell and let you do root stuff so you need to log out again.

sudo -u lets you log in as another user on the system this can be handy when you need to edit a common file in that user's home.

Code: Select all

sudo -u that_user nano /home/that_user/backup.log


Code: Select all

sudo -l will list what permissions you have

These rights are set in the /etc/sudoers file.

and sudo -e (or sudoedit) will let you edit files that normally requires root privileges:

Code: Select all

sudo -e /etc/salt/master
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Top
Post Reply

Return to “Tips & Tricks”