[sf-lug] /usr/sbin and now 'sudo -' vs 'su -'

aaronco36 aaronco36 at SDF.ORG
Fri May 15 17:02:09 PDT 2020 

Quoting Rick Moen rick at linuxmafia.com from [01]:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As you may know, utilities in /usr/sbin and /sbin are ones normally used 
only by the superuser.  The default $PATH for the root user includes 
those.
Observe:

   [rick at linuxmafia]
   ~ $ echo $PATH

/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/rick/bin:/home/rick/bin
   [rick at linuxmafia]
   ~ $ su -
   Password:
   linuxmafia:~# echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
   linuxmafia:~# exit
   [rick at linuxmafia]
   ~ $

On rare occasions, a non-root user might have cause to run something in 
/sbin or /usr/sbin :  The classic example is /sbin/ifconfig .  But you 
come to know where they are from the rare occasions where you need them, 
and you just furnish the path from memory, e.g., my fingers do 
'/sbin/ifconfig' with the aid of shell tab completion without my having to 
think about it.

The reason /sbin and /usr/sbin should not be in $PATH for non-system users 
is that it creates various security risks, and many of the utilties in 
those directories are dangerous.

Oh, and the reason my shell session above has 'su -' instead of 'su' is to 
carefully avoid the root user inheriting the non-superuser's shell 
environment, which again would be a security risk, so make a point of 
always including that switch when su-ing to root. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the same time, there _are_ some sysadmins who would rather heatedly 
promote the use of 'sudo su -' for non-root users to "run something in 
/sbin or /usr/sbin" as opposed to staying logged in as the root-user via 
'su -' :-|

While of course there are better articles and explanations of this by Rick 
M and others, here are about a dozen starting references of these 
"superuser approaches" including both HowTo/explanatory articles as well 
as those and weighing the merits and drawbacks of either one.....
- Linux.com's 'Linux 101: Introduction to sudo'[02]
- Linux.com's 'How to Wrestle Control of Sudo With Sudoers'[03]
- How-To Geek's 'What's the Difference Between Sudo and Su in Linux?'[04]
- Fossbyte's 'What Is The Difference Between Sudo And Su In Linux?[05]
- HowtoForge's 'Understanding the difference between sudo and su command 
on Linux '[06]
- TechRepublic's 'Su-su-sudo your system: Keeping user permissions under 
complete control'[07]
- CyberArk's 'To Sudo or Not to Sudo? That is the Question'[08]
- Unix & Linux Stack Exchange's 'Difference between sudo user and root 
user'[09]
- Slashdot's 'Sudo vs. Root'[10]
- Quora's 'Is there any specific advantage to using "sudo su -"?'[11]
- Ask Ubuntu's 'What are the differences between "su", "sudo -s", "sudo 
-i", "sudo su"?'[12]
- The Tao of Debian's 'Some of the pros and cons of both approaches'[13]
- OSRadar's 'How to enable sudo on Debian 10?'[14]
- Debian Admin's 'Providing root privileges for users Using SUDO'[15]

Hope that this helps :-)

-A


=============================================================

References
=============================================================
[01]http://linuxmafia.com/pipermail/sf-lug/2020q2/014818.html
[02]https://www.linux.com/training-tutorials/linux-101-introduction-sudo/
[03]https://www.linux.com/topic/networking/how-wrestle-control-sudo-sudoers/
[04]https://www.howtogeek.com/111479/htg-explains-whats-the-difference-between-sudo-su/
[05]https://fossbytes.com/sudo-su-difference-linux/
[06]https://www.howtoforge.com/tutorial/sudo-vs-su/
[07]https://www.techrepublic.com/article/su-su-sudo-your-system-keeping-user-permissions-under-complete-control/
[08]https://www.cyberark.com/blog/to-sudo-or-not-to-sudo-that-is-the-question/
[09]https://unix.stackexchange.com/questions/291454/difference-between-sudo-user-and-root-user
[10]https://slashdot.org/story/06/03/21/1427241/sudo-vs-root
[11]https://www.quora.com/Is-there-any-specific-advantage-to-using-sudo-su?
[12]https://askubuntu.com/questions/70534/what-are-the-differences-between-su-sudo-s-sudo-i-sudo-su
[13]https://debian.wayoflinux.com/installing/post-install/configure-root-access/pros-and-cons-of-sudo-and-su
[14]https://www.osradar.com/how-to-enable-sudo-on-debian-10/
[15]https://www.debianadmin.com/providing-root-privileges-for-users-using-sudo.html
=============================================================

aaronco36 at sdf.org
-----------------

More information about the sf-lug mailing list