SCIENTIFIC-LINUX-USERS Archives

April 2021

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: "~Stack~"
Reply To: ~Stack~
Date: Sun, 11 Apr 2021 21:39:16 -0500

> On 2021-04-07 9:28 a.m., Teh, Kenneth M. wrote:
>> If you need to run a lot of commands as root, the easiest sudo method
>> is simply 'sudo su -' which makes you into root.  The trailing '-'
>> does a login which replaces your environment with root's.


On 4/7/21 9:37 AM, Gilbert E. Detillieux wrote:
> How is that in any way better than "sudo -i" (which I already suggested, 
> and which avoids a needless extra command invocation)?
> 

Greetings,
There's history to those commands, but the end result is dang-near 
identical these days. There are some distro-dependent differences that 
can be found, but for the vast majority of the time it is the same and 
can be thought of as identical.

On *EL systems (RHEL/SL/Rocky/CentOS/etc.) the end goal is damn near the 
same. But there are minor differences. Follow along if you want. Open up 
two shells side by side and in one run `sudo -i` and in the other `sudo 
su -`.

First up, take a look at the process hierarchy. Sudo launches a sub-exec 
of su, under which your shell should now be running if you did `sudo 
su -`, but with `sudo -i` it launches it directly.

Next up, run the command: `env |sort`. You will see that the `sudo su -` 
stripped out all of the SUDO_* environment variables that `sudo -i` has.

Ok, so what?

Well... *shrug*

The short history is how and what bash resources were loaded. Since the 
su is a complete reloading of the profile it's the same as logging in as 
root with all the .profile and .bash_profile and .rc and blahblahblah 
files read in. The `sudo -i` (a long time ago in a distro far far away) 
used to only pull in a select subset of those profile files and there 
were some cross-environment variables that were kept around. Some of 
these details used to be more important for things like what gets listed 
as the ID in auditd logs, but I'm pretty confident that all of those 
things are similar and easily traced now with the newer audit logging 
tools. Thus, I *think* it's now identical...but it's too late at night 
for me to dig through audit logs to check! :-D

So what is the difference these days? It's one extra process vs a few 
shell environment variables. I think there are a few more even _more_ 
minor details but I can't remember them. I have yet to hear a convincing 
argument for one over the other except for how many characters are typed. 
Since I tend to be old school my fingers just type `sudo su -` before my 
brain fully processes the thought. Yes, `sudo -i` is fewer characters 
but muscle memory...it just happens. *shrug* :-D

Not sure that was "helpful" information, but hopefully it answered the 
question. :-D

~Stack~
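
The side-by-side comparison described in the message above, as an added example that is not part of the original post: `live_report` is meant to be run inside each root shell, and `compare_samples` diffs two constructed `env` dumps. All function names, the user "alice" and uid 1000 are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). ancestry() is Linux only.

# Print "pid name" for a PID (default: this shell) and each of its ancestors,
# following PPid in /proc.
ancestry() {
    pid=${1:-$$}
    while [ "${pid:-0}" -gt 0 ] && [ -r "/proc/$pid/status" ]; do
        printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        pid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status") || break
    done
}

# Names of variables set in env dump $1 but absent from env dump $2.
# Assumes one NAME=value per line (no multi-line values).
only_in_first() {
    a=$(mktemp) && b=$(mktemp) || return 1
    cut -d= -f1 "$1" | sort -u > "$a"
    cut -d= -f1 "$2" | sort -u > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Run inside each root shell: process chain, SUDO_* variables, and the
# audit login UID (the value auditd records as auid).
live_report() {
    ancestry
    env | sort | grep '^SUDO_' || echo "(no SUDO_* variables set)"
    printf 'loginuid: %s\n' "$(cat /proc/self/loginuid 2>/dev/null)"
}

# Constructed sample dumps: first as from `sudo -i`, second as from `sudo su -`.
compare_samples() {
    i=$(mktemp) && s=$(mktemp) || return 1
    printf '%s\n' HOME=/root LOGNAME=root USER=root SHELL=/bin/bash \
        SUDO_COMMAND=/bin/bash SUDO_GID=1000 SUDO_UID=1000 SUDO_USER=alice > "$i"
    printf '%s\n' HOME=/root LOGNAME=root USER=root SHELL=/bin/bash > "$s"
    only_in_first "$i" "$s"
    rm -f "$i" "$s"
}

compare_samples
```

To compare real shells, save `env` output from each to a file and pass the two files to `only_in_first`.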
