You are not logged in.
Pages: 1
I understand they both give me root privileges (su = till I exit; sudo = only for that command)
Is there a downside to using su and doing some commands and then exiting the su, rather than using sudo in front of some of your commands?
Am I missing some obvious difference, or is it just matter of preference?
Offline
Su makes it easier for multiple commands, like when you know you will have to enter many:
EXAMPLE (I had to do this every time before I installed netcfg):
[you@yourmachine]$ su
[password]
[root@yourmachine]$ iwconfig rate wlan0 5.5M fixed
[root@yourmachine]$ wpa_supplicant -B -Dwext -iwlan0 -c /etc/wpa_supplicant.conf
[root@yourmachine]$ dhcpcd wlan0
Sudo is simple for one code things:
EXAMPLE:
[you@yourmachine]$ sudo pacman -S gnome gnome-extra chromium thunderbird
[password]
I personally prefer sudo for one liners, and su for multi-liners. It really is preference though... I think
Last edited by pivotraze (2011-08-24 02:51:29)
Offline
That was what I thought. I just was making sure what was in my head was right.
Thank you
Offline
Sudo is also sort of like a safety net, allowing only temporary root privileges and making it less likely for you to accidentally hose your system.
Offline
Su makes it easier for multiple commands, like when you know you will have to enter many:
sudo -sH
Offline
pivotraze wrote:Su makes it easier for multiple commands, like when you know you will have to enter many:
sudo -sH
Ah, I learnt something new today!
Offline
man sudo -> sudo, sudoedit - execute a command as another user
man su -> su - run a shell with substitute user and group IDs
"If the person you are talking to doesn't appear to be listening, be patient. It may simply be that he has a small piece of fluff in his ear." - A.A. Milne (Winnie-the-Pooh)
Offline
sudo also allows you to define exactly what command(s) each user is allowed to run with root privileges. I suppose you only have one user account on your box (you), but if you had for example 3, you could decide that one can run everything as root (typically you), another one is only allowed to run pacman -or mount or eject or whatever-, and the third one is not allowed to run any command as root... with sudo, there is no need to give the second one the root password, which is safer.
I'm French and French people can't speak English, so please please please excuse the terrible English!
Offline
The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.
zʇıɹɟʇıɹʞsuɐs AUR || Cycling in Budapest with a helmet camera || Revised log levels proposal: "FYI" "WTF" and "OMG" (John Barnette)
Offline
The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.
You can easily turn that off.
Offline
SanskritFritz wrote:The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.
You can easily turn that off.
wiki.
I'm French and French people can't speak English, so please please please excuse the terrible English!
Offline
This only applies to the same shell in which you ran sudo. Another shell, another auth.
Offline
sudo comes in handy when you want to run as a different user rather than simply root. For example I use sudo to search the AUR as user if I'm logged in as root.
I personally like to have a bash shell open as root and one or more as user. It is better to use sudo if you cannot guarantee the physical security of the computer.
Rauchen verboten
Offline
For example I use sudo to search the AUR as user if I'm logged in as root
Why?? You don't need elevated permission to search AUR. Hell, even official repos can be searched with pacman without sudo.
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
su -c can be used in place of sudo, I'm not sure of the techincal details, but it doesn't rely on the sudo package (although many scripts do, so you still need them)
Offline
Sudo also allows for a finer degree of administrative control, letting you grant certain commands user privileges with visudo (shutdown, restart, pm-suspend, ifconfig, hwclock, etc.). Assuming you're not using a full DE, it's useful if you want to set such relatively benign commands to keybindings, aliases or a clickable icon on a panel.
Offline
SS4 wrote:For example I use sudo to search the AUR as user if I'm logged in as root
Why?? You don't need elevated permission to search AUR. Hell, even official repos can be searched with pacman without sudo.
I meant more for searching and then building from AUR since I believe it's unwise to call makepkg as root
Rauchen verboten
Offline
That's what the wiki says SS4. That it's unwise to makepkg as root. I just make sure to always run makepkg -s whenever I do haha
Offline
Sudo also allows for a finer degree of administrative control, letting you grant certain commands user privileges with visudo (shutdown, restart, pm-suspend, ifconfig, hwclock, etc.). Assuming you're not using a full DE, it's useful if you want to set such relatively benign commands to keybindings, aliases or a clickable icon on a panel.
That's true. But I think that if security is really important, it is generally a bad idea to let users run commands as root. It open a hole when we could escalating it to have full root access. User commands that need root access usually have the suid bit set and can be run without sudo. Usually these commands only run a small partion of themselves with root access and drop root privilege afterwards. This small portion of code is double,tripled-checked.
For example letting a user to run pacman as root allow him easily to have full root access (just install a custom made package that overwrite /etc/passwd).
Last edited by olive (2011-08-24 22:08:50)
Offline
Pages: 1