UNIX: Switching Users with su

BRRABill

That's an interesting option, being able to log into a regular user account without a password.

I always wished I could do that when setting up Windows systems. I have to get the user to log into make those final little changes they like. Would be nice to do that without user intervention.

But isn't that a but of a security risk? Though I am expecting a response from @scottalanmiller saying you have to trust your root user, and that the root user has access anyway.

scottalanmiller

@BRRABill said in UNIX: Switching Users with su:

But isn't that a but of a security risk? Though I am expecting a response from @scottalanmiller saying you have to trust your root user, and that the root user has access anyway.

What is the perceived risk? The root account is not gaining any access that it did not already have. It is only "seeing things through the eyes of the user". There is no additional elevation of privilege here, root is already as elevated as it can be.

BRRABill

@scottalanmiller said in UNIX: Switching Users with su:

@BRRABill said in UNIX: Switching Users with su:

But isn't that a but of a security risk? Though I am expecting a response from @scottalanmiller saying you have to trust your root user, and that the root user has access anyway.

What is the perceived risk? The root account is not gaining any access that it did not already have. It is only "seeing things through the eyes of the user". There is no additional elevation of privilege here, root is already as elevated as it can be.

Well, in the Windows world you could not log in to see everything as the user unless you change their password.

Now, you could access all their data, which I guess is 99% the same thing.

scottalanmiller

@BRRABill said in UNIX: Switching Users with su:

@scottalanmiller said in UNIX: Switching Users with su:

@BRRABill said in UNIX: Switching Users with su:

But isn't that a but of a security risk? Though I am expecting a response from @scottalanmiller saying you have to trust your root user, and that the root user has access anyway.

What is the perceived risk? The root account is not gaining any access that it did not already have. It is only "seeing things through the eyes of the user". There is no additional elevation of privilege here, root is already as elevated as it can be.

Well, in the Windows world you could not log in to see everything as the user unless you change their password.

Now, you could access all their data, which I guess is 99% the same thing.

Right, in the Windows world as well you could make a copy of all of their data and settings and apply it to another account that is not theirs and "see" things as them without resetting their password. It is cumbersome, but you can do it. The Windows world has to block directly "seeing" things as a user because its audit trails do not track administrators through a change of that nature. UNIX does and knows what account under the hood is taking actions regardless of what account it "appears" to be on top.

Grey

Pop quiz: why do you need the dash with su?

BRRABill

And why is it sometimes

one dash

and other times

two dashes

for other commands?

alex.olynyk

@BRRABill Exactly! Inquiring minds want to know

travisdh1

@BRRABill said in UNIX: Switching Users with su:

And why is it sometimes

one dash

One dash is normally used for "shorthand", or shorted operators for the different programs. IE

ls -ha

-h is really --human-readable being passed to ls and
-a is really --all being passed to ls

and other times

two dashes

Two dashes are normally "long form", see my previous ls example.

for other commands?

It's really just up to whoever wrote the program. For example, mdadm has lots and lots of optional command line switches. Because of how many long form options mdadm has, very few can be a single letter and still have each option be unique.

I'm sure I've got the details wrong and @scottalanmiller will pipe in sometime soon.

BRRABill

@travisdh1 said in UNIX: Switching Users with su:

@BRRABill said in UNIX: Switching Users with su:

And why is it sometimes

one dash

One dash is normally used for "shorthand", or shorted operators for the different programs. IE

ls -ha

-h is really --human-readable being passed to ls and
-a is really --all being passed to ls

and other times

two dashes

Two dashes are normally "long form", see my previous ls example.

for other commands?

It's really just up to whoever wrote the program. For example, mdadm has lots and lots of optional command line switches. Because of how many long form options mdadm has, very few can be a single letter and still have each option be unique.

I'm sure I've got the details wrong and @scottalanmiller will pipe in sometime soon.

Will | in very soon?

travisdh1

@BRRABill said in UNIX: Switching Users with su:

@travisdh1 said in UNIX: Switching Users with su:

@BRRABill said in UNIX: Switching Users with su:

And why is it sometimes

one dash

One dash is normally used for "shorthand", or shorted operators for the different programs. IE

ls -ha

-h is really --human-readable being passed to ls and
-a is really --all being passed to ls

and other times

two dashes

Two dashes are normally "long form", see my previous ls example.

for other commands?

It's really just up to whoever wrote the program. For example, mdadm has lots and lots of optional command line switches. Because of how many long form options mdadm has, very few can be a single letter and still have each option be unique.

I'm sure I've got the details wrong and @scottalanmiller will pipe in sometime soon.

Will | in very soon?

I'm so puny I don't even know it!

scottalanmiller

@BRRABill said in UNIX: Switching Users with su:

And why is it sometimes

one dash

and other times

two dashes

for other commands?

Because "commands" aren't really what they are. They are independent applications. There are conventions but that is all that they are.

Grey

@Grey said in UNIX: Switching Users with su:

Pop quiz: why do you need the dash with su?

Still no answers for this... hint: it has to do with environment.

DustinB3403

@Grey said in UNIX: Switching Users with su:

@Grey said in UNIX: Switching Users with su:

Pop quiz: why do you need the dash with su?

Still no answers for this... hint: it has to do with environment.

Because it provides the user the full environmental experience of the new identity. For this reason, su is almost always used with a hyphen.

Grey

@DustinB3403 said in UNIX: Switching Users with su:

@Grey said in UNIX: Switching Users with su:

@Grey said in UNIX: Switching Users with su:

Pop quiz: why do you need the dash with su?

Still no answers for this... hint: it has to do with environment.

Because it provides the user the full environmental experience of the new identity. For this reason, su is almost always used with a hyphen.

Exactly! Lots of linux n00bs skip the dash and it's amazing to see the confusion when things just "aren't right" as they're working in the shell.

scottalanmiller

@Grey said in UNIX: Switching Users with su:

Pop quiz: why do you need the dash with su?

That was in the original article.

DustinB3403

@scottalanmiller said in UNIX: Switching Users with su:

@Grey said in UNIX: Switching Users with su:

Pop quiz: why do you need the dash with su?

That was in the original article.

And I quoted you without quoting you..... see what I did there, I switched a few words