Reply To: | ~Stack~ |
Date: | Sun, 11 Apr 2021 21:39:16 -0500 |
> On 2021-04-07 9:28 a.m., Teh, Kenneth M. wrote:
>> If you need to run a lot of commands as root, the easiest sudo method
>> is simply 'sudo su -' which makes you into root. The trailing '-'
>> does a login which replaces your environment with root's.
On 4/7/21 9:37 AM, Gilbert E. Detillieux wrote:
> How is that in any way better than "sudo -i" (which I already suggested,
> and which avoids a needless extra command invocation)?
>
Greetings,

There's history to those commands, but the end result is dang-near
identical these days. There's some distro-dependent differences that can
be found but for the vast majority of the time it is the same and can be
thought of as identical.

On *EL systems (RHEL/SL/Rocky/CentOS/etc.) the end goal is damn near the
same. But there are minor differences. Follow along if you want. Open up
two shells side by side and in one run `sudo -i` and in the other `sudo
su -`.

First up, take a look at the process hierarchy. Sudo launches a sub-exec
of su from which your shell should now be running under if you did `sudo
su -` but with `sudo -i` it launches it directly.

Next up, run the command: `env |sort`. You will see that the `sudo su -`
stripped out all of the SUDO_* environment variables that `sudo -i` has.

Ok, so what?

Well... *shrug*

The short history is how and what bash resources were loaded. Since the
su is a complete reloading of the profile it's the same as logging in as
root with all the .profile and .bash_profile and .rc and blahblahblah
files read in. The `sudo -i` (a long time ago in a distro far far away)
used to only pull in a select subset of those profile files and there
were some cross-environment variables that were kept around. Some of
these details used to be more important for things like what gets listed
as the ID in auditd logs, but I'm pretty confident that all of those
things are similar and easily traced now with the newer audit logging
tools. Thus, I *think* it's now identical...but it's too late at night
for me to dig through audit logs to check! :-D

So what is the difference these days? It's one extra process vs a few
shell environment variables. I think there are a few more even _more_
minor details but I can't remember them. I have yet to hear a convincing
argument one over the other except for how many characters are typed.
Since I tend to be old school my fingers just type `sudo su -` before my
brain fully processes the thought. Yes, `sudo -i` is fewer characters
but muscle memory...it just happens. *shrug* :-D

Not sure that was "helpful" information, but hopefully it answered the
question. :-D

~Stack~
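
The two differences described in the message above (the extra `su` process and the missing `SUDO_*` variables) can be checked from inside the root shell with the script below. It is an added example, not part of the original message; it assumes Linux with /proc, and the function names are hypothetical. It also prints the audit loginuid, which pam_loginuid sets at login and which is kept across both `sudo` and `su`.

```sh
#!/bin/sh
# Added example: report how the current shell was reached (Linux, reads /proc).

# Print the command names of this shell's ancestors, nearest first.
ancestors() {
    pid=$$
    while [ "${pid:-0}" -gt 1 ] && [ -r "/proc/$pid/status" ]; do
        pid=$(sed -n 's/^PPid:[[:space:]]*//p' "/proc/$pid/status")
        if [ "${pid:-0}" -ge 1 ]; then
            cat "/proc/$pid/comm" 2>/dev/null
        fi
    done
    return 0
}

# Classify a chain of ancestor names (nearest first, one per argument) by
# looking at the nearest sudo: was the process it started su, or not?
classify_chain() {
    prev=
    for name in "$@"; do
        case $name in
            sudo)
                if [ "$prev" = su ]; then echo sudo-su; else echo sudo-direct; fi
                return 0 ;;
        esac
        prev=$name
    done
    echo no-sudo
}

# Read `env` output on stdin and print the names of the SUDO_* variables in it.
sudo_var_names() {
    sed -n 's/^\(SUDO_[A-Z_]*\)=.*/\1/p'
}

# Report for the shell running this script.
chain=$(ancestors | tr '\n' ' ')
echo "ancestors : $chain"
# $chain is left unquoted on purpose so each name becomes one argument.
echo "reached by: $(classify_chain $chain)"
echo "SUDO_ vars: $(env | sudo_var_names | tr '\n' ' ')"
# Audit login UID: the account that originally logged in, if auditing is enabled.
echo "loginuid  : $(cat /proc/self/loginuid 2>/dev/null || echo unavailable)"
```

Run it in each of the two side-by-side shells: the `sudo su -` shell should report `sudo-su` with no `SUDO_*` names, the `sudo -i` shell `sudo-direct` with them present.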