On Mon, Aug 18, 2014 at 10:16 AM, Robert Miesen <[email protected]> wrote:
> there are some things that a "99.9% root"
> shell can't do that a "true root" shell can do. I don't remember off the
> top of my head what those are, but maybe someone else on this mailing
> list will.
>

There's no such thing as 99.9% root. You either have uid 0, or you don't. You could conceivably drop some privs with setpriv (I think?), but neither command does that of course.

It's only slightly more complicated than that, as there are two "user ids" (real and effective). Both su and sudo set both uids (getting the effective one by virtue of being setuid binaries, and then setting the real id explicitly). You can verify this with "su -c id -r" and "sudo id -r".

It is therefore impossible for a difference to exist between sudo's root and su's root. They are both 100% pure root. There are potential differences in environment, owing to whether or not HOME is set appropriately, whether this shell is tracked by the login facilities utmp/wtmp, and of course the fact that sudo tries to remove potentially dangerous environment settings so the user doesn't shoot himself in the foot by mistake (as configured in /etc/sudoers). But claims you can "do stuff in su's root that you can't in sudo's" are just plain wrong.

FWIW, I don't care whether people use su or sudo. This conversation may make me seem like a "sudo evangelist" or something, but I really don't give a shit what people use for themselves. But folks should have accurate information before they decide what tool's best for them, and taking time to criticize someone's advice on the basis that they recommended using "sudo cp -a" because "it can't do everything su does", belies a fundamental misconception about Unix/Linux uids and permissions.

-mjc
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
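
As an added example, not part of the original message: a shell check of the real/effective uid distinction described above, reading the four ids (real, effective, saved, filesystem) from the Uid: line of /proc/<pid>/status on Linux. The helper name classify_uids and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Linux only: the "Uid:" line
# of /proc/<pid>/status lists real, effective, saved-set and filesystem uid.

# classify_uids STATUS_TEXT   (hypothetical helper name)
# Prints one of: full-root | effective-root-only | not-root | unknown
classify_uids() {
    line=$(printf '%s\n' "$1" | awk '$1 == "Uid:" { print $2, $3, $4, $5; exit }')
    [ -n "$line" ] || { echo unknown; return 0; }
    # Reject anything that is not digits and spaces before comparing numbers.
    case "$line" in *[!0-9\ ]*) echo unknown; return 0 ;; esac
    set -- $line
    [ $# -eq 4 ] || { echo unknown; return 0; }
    ruid=$1 euid=$2 suid=$3 fsuid=$4
    if [ "$ruid" -eq 0 ] && [ "$euid" -eq 0 ] && [ "$suid" -eq 0 ] && [ "$fsuid" -eq 0 ]; then
        echo full-root               # every uid is 0: the state su and sudo set up
    elif [ "$euid" -eq 0 ]; then
        echo effective-root-only     # setuid-root program that kept the caller's real uid
    else
        echo not-root
    fi
}

# Constructed sample status excerpts (uid 1000 stands in for an ordinary user).
SAMPLE_SU_OR_SUDO=$(printf 'Name:\tbash\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n')
SAMPLE_SETUID_ONLY=$(printf 'Name:\tdemo\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n')
SAMPLE_PLAIN_USER=$(printf 'Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n')

for sample in "$SAMPLE_SU_OR_SUDO" "$SAMPLE_SETUID_ONLY" "$SAMPLE_PLAIN_USER"; do
    classify_uids "$sample"
done

# Classify the shell running this script, when /proc is available.
if [ -r "/proc/$$/status" ]; then
    echo "this shell: $(classify_uids "$(cat "/proc/$$/status")")"
fi
```

Run inside a shell started by su or by sudo, the last line reports that shell's own ids.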
