[PLUG] su/sudo [Re: Backup problems (urgent)]

Robert Miesen robert.miesen at gmail.com
Mon Aug 18 20:33:07 UTC 2014


I never meant to imply that you could be only partially root by saying 
"99.9% root". What I meant was having "99.9% of the root UX". When I 
switched from running a Debian distribution to running a Kubuntu 
distribution, one of the differences I noticed is that when I sudo'ed a 
command, sometimes it would flunk out due to permission errors. I 
believe those came from either certain environmental variables not 
getting set up correctly or sudo not propagating the effective UID of the 
sudo'ed process to child processes. The solution to those sorts of 
problems was for me to run 'sudo -i', then run the command in question.

The bigger problems are (1) you don't necessarily have your own /root 
folder with your own root-specific .profile and .bashrc files and (2) if 
the /etc/sudoers file gets corrupted in any way whatsoever, the only way 
to fix it if you don't have a sudo-ed editor / shell running is to 
reboot into runlevel S and correct the error. That is why I call 'sudo 
-i' being "99.9% root": you get all of the power of root, but only most 
of the UX of being root.


On 08/18/2014 11:20 AM, Micah Cowan wrote:
> On Mon, Aug 18, 2014 at 10:16 AM, Robert Miesen <robert.miesen at gmail.com>
> wrote:
>
>> there are some things that a "99.9% root"
>> shell can't do that a "true root" shell can do. I don't remember off the
>> top of my head what those are, but maybe someone else on this mailing
>> list will.
>>
> There's no such thing as 99.9% root. You either have uid 0, or you don't.
> You could conceivably drop some privs with setpriv (I think?), but neither
> command does that of course.
>
> It's only slightly more complicated than that, as there are two "user ids"
> (real and effective). Both su and sudo set both uids (getting the effective
> one by virtue of being setuid binaries, and then setting the real id
> explicitly). You can verify this with "su -c id -r" and "sudo id -r".
>
> It is therefore impossible for a difference to exist between sudo's root
> and su's root. They are both 100% pure root. There are potential
> differences in environment, owing to whether or not HOME is set
> appropriately, whether this shell is tracked by the login facilities
> utmp/wtmp, and of course the fact that sudo tries to remove potentially
> dangerous environment settings so the user doesn't shoot himself in the
> foot by mistake (as configured in /etc/sudoers). But claims you can "do
> stuff in su's root that you can't in sudo's" are just plain wrong.
>
> FWIW, I don't care whether people use su or sudo. This conversation may
> make me seem like a "sudo evangelist" or something, but I really don't give
> a shit what people use for themselves. But folks should have accurate
> information before they decide what tool's best for them, and taking time
> to criticize someone's advice on the basis that they recommended using
> "sudo cp -a" because "it can't do everything su does", belies a fundamental
> misconception about Unix/Linux uids and permissions.
>
> -mjc
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
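
The real/effective uid distinction discussed in the quoted reply can be read on Linux from the `Uid:` line of `/proc/<pid>/status`, which lists the real, effective, saved and filesystem uids. The script below is an added example, not part of either message; the function names and the constructed sample line are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Linux only: relies on /proc/<pid>/status.
# The "Uid:" line there lists four ids: real, effective, saved-set, filesystem.

# classify_uids REAL EFF SAVED FS -> prints one of:
#   full-root       every id is 0
#   effective-only  effective uid is 0 but the real uid is still the caller's
#                   (a setuid-root binary before it sets the real uid itself)
#   mixed           effective and real are 0, saved or fs uid is not
#   not-root        effective uid is not 0
classify_uids() {
    real=$1 eff=$2 saved=$3 fs=$4
    if [ "$eff" -ne 0 ]; then
        echo not-root
    elif [ "$real" -ne 0 ]; then
        echo effective-only
    elif [ "$saved" -eq 0 ] && [ "$fs" -eq 0 ]; then
        echo full-root
    else
        echo mixed
    fi
}

# classify_status: reads status-file text on stdin, classifies its Uid: line.
# Returns 2 if the input has no Uid: line with four fields.
classify_status() {
    set -- $(awk '$1 == "Uid:" { print $2, $3, $4, $5; exit }')
    if [ $# -ne 4 ]; then
        echo "no Uid: line with four fields" >&2
        return 2
    fi
    classify_uids "$@"
}

# Live check of the current shell; start the shell with su or sudo to compare.
if [ -r "/proc/$$/status" ]; then
    echo "this shell: $(classify_status < "/proc/$$/status")"
fi

# Constructed sample (not captured from a real system): uid 1000 running a
# setuid-root program that has not yet set its real uid.
echo "constructed sample: $(printf 'Name:\tdemo\nUid:\t1000\t0\t0\t0\n' | classify_status)"
```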



