
Always use su with minus. And where do programs come from?

Archive - Originally posted on "The Horse's Mouth" - 2009-05-27 07:15:58 - Graham Ellis

When you're using the su command to do systems admin work as root, you should always add the - option (a minus sign on its own) to start a new root environment too. This means that (amongst other things) the PATH used to find executable files is replaced, so you can find things like ifconfig automatically, and you won't get caught by any 'Trojans' set up for you within the account from which you have su'd.

Here's an example of the problem. I've set up a nasty script called "ls" in the current user's home directory, and altered his PATH to look at the current directory first:

[trainee@easterton ~]$ su
Password:
[root@easterton trainee]# ls
Your disc has been scrubbed clean!
[root@easterton trainee]#


Oops! Run with "su -" instead and there's more to do, as you have to change back to the source directory, BUT you don't get caught by the nasty ls script (which was just an echo for my demo!)

[trainee@easterton ~]$ pwd
/home/trainee
[trainee@easterton ~]$ su -
Password:
[root@easterton ~]# cd ~trainee
[root@easterton trainee]# ls
build Desktop transwilts2009.odt transwilts2009.pdf
dbn ls transwilts_2009.pdf website
[root@easterton trainee]#
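
A way to check a PATH before trusting it as root, written as an added example (not from the original post): audit_path flags entries that resolve against the current directory or that any user can write to, and first_match shows which file a command name would actually run. The function names, the sample PATH strings and the throwaway demo directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). PATH strings are constructed.

# audit_path PATHSTRING: print one line per risky entry, nothing if clean.
audit_path() {
    rest="$1:"                      # sentinel so a trailing ":" is not lost
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            "") echo "empty (means current directory): ''" ;;
            /*) # absolute entry: risky if any user may write into it
                if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $entry"
                fi ;;
            *)  echo "relative (resolved against current directory): $entry" ;;
        esac
    done
}

# first_match CMD PATHSTRING: print the file that would run for CMD.
first_match() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.      # empty entry is the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Demo in a subshell: a harmless fake "ls" in a throwaway directory.
(
    demo=$(mktemp -d) && cd "$demo" || exit 1
    printf '#!/bin/sh\necho "not the real ls"\n' > ls && chmod +x ls
    inherited=".:/usr/bin:/bin"             # like a user PATH kept by plain su
    fresh="/usr/sbin:/usr/bin:/sbin:/bin"   # like a PATH reset by su -
    echo "inherited PATH findings:"; audit_path "$inherited"
    echo "ls under inherited PATH: $(first_match ls "$inherited")"
    echo "ls under fresh PATH:     $(first_match ls "$fresh")"
    cd / && rm -rf "$demo"
)
```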


This diagram shows where executable files are commonly loaded from on a Linux / Unix system. Directories called bin are for regular user accessible programs, with those which are intended for the system administrator being in sbin. There's nothing to stop a regular user who knows about a system command from running it, but most of these programs will reject requests for anything more than information enquiries if they're run by non-root users.

Why 3 directories of each name? Those at the top level are programs which are needed early in the system boot up procedure. Those in /usr are the majority of operating system commands (not needed at early boot stage) and those in /usr/local - if any - will be the extra software that your local admin has added to the base system.