Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Execute commands as another user' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Execute commands as another user
Authored by: schnarr on Feb 21, '03 12:32:31PM

I've used sudo and su a lot, and there are reasons for using one or the other.

By what you're saying, you want to edit a file you don't own, which you can do by using 'sudo command', where command is the command you want to do (with any required parameters).
Say I want to edit /etc/passwd (for some reason)
I would type
sudo vim /etc/passwd
[my normal password]
This file is opened for editing as root, but when I save it and exit, I'm back to being my normal user.
Additional sudo commands done within the next 5 minutes don't need a password (and the timer resets with each call, so if you edit a bunch of files within 5 minutes of each other you can potentially chain hours or days together), so as long as you keep doing sudos, you won't need to authenticate yourself each time. The 5 minute limit is to ensure you don't walk away from your keyboard and give someone else temporary root.

I almost never use sudo -s, unless I need to do a ton of actions as root (debugging an install, for instance). With sudo -s you're leaving a door open in your system. For the most part, it's not that dangerous if you're just doing it at home, but you never know when the feds are going to wiretap your home for all those napster downloads...

A few notes about 'su':
using su instead of sudo makes your effective user ID=root (euid) as well as your uid. This has implications if you're running programs that have the sticky bit set that do a setuid or setgid - er, in English, that's programs that run as a different user than the owner of them and the program itself runs some part of itself as a different user. The ONLY place I've ever used anything like this is in a Web perl-CGI that needed to be executed with root priveleges, but run as a specific user (specifically because I was remote logging into machines where I didn't have a root password).

using 'su' without the '-' uses the current user's shell and environment variables. This is handy if you want to figure out problems with another user's shell variables. I've used this FAR too much (usually because of slow logins due to stale remote mounts or someone putting Xwindows display settings in their .cshrc).

The su I'm describing above is always 'su username' though - you really never need 'su -' unless you need your effective user ID set.



[ Reply to This | # ]