[clug] .bash_aliases and .bashrc

Scott Ferguson scott.ferguson.clug at gmail.com
Sat Oct 18 17:14:27 MDT 2014

On 19/10/14 07:41, George at Clug wrote:
> Scott,
> To answer your question "I'd also be interested in what other people
> find useful", so far I do not often use scripts, when I do they are run
> as root, so I use su and then run in the terminal as root until I use
> 'exit' to exit from su. I find sudo a pain to use, so when forced to do
> so, I like 'sudo su'.  I guess this is not the "recommended" way to
> work, but I am used to being the "Administrator" in Windows
> environments. (any comments ?)

Even in Windows you 'should' only *log-in* as Administrator when you
have a compelling reason to do so. Otherwise the command should *run-as*
Administrator. Likewise with *nix.

> At times I use gksu;
> gksu [-u <user>] [options] <command>
> gksu nautilus

That pulls in a fair bit of GNOME, which is not always desirable, there
is kdesu for those that prefer the (qt libraries) KDE "bits" instead

> /The gksu command also has a few other tricks up its sleeve – it
> preserves your current desktop settings, so graphical programs won’t
> look out of place when you launch them as a different user. Programs
> such as gksu are the preferred way of launching graphical applications
> with root privileges.

Likewise kdesu

> Gksu uses either a su or sudo-based backend, depending on the Linux
> distribution you’re using./
> http://www.howtogeek.com/111479/htg-explains-whats-the-difference-between-sudo-su/
> *Below information provides basic explanation about these commands;*
> /The difference between sudo and su is how they perform authentication:
>     su prompts for the target user's password.
>     sudo checks whether the source user is authorized to run the command
> (the authorization is specified in /etc/sudoers). Depending on the
> configuration, it might prompt for the source user's password, both to
> mitigate the risk of an unattended console and to alert the user that
> privilege escalation is going on.
> Once authorized, the effect is the same: run a command as root (or, if
> specified on the command line, as some other user)./
> http://www.cyberciti.biz/open-source/command-line-hacks/linux-run-command-as-different-user/
> ---------------------------------------------
> /1) Required Password:
>     ‘sudo’ requires current user password.
>     Whereas, ‘su -c’ requires root user password. (This is no
> coincidence. Infact, this was the very reason for introduction of sudo
> command).

Um, that's one explanation for it's use. Another is that is was
considered "too hard" for "users" to maintain BP OpSec - the too common
example being "users" who wanted to be able to login to a DE as
root[*1]. An on-going problem.
I don't want to start another long debate on su vs. sudo - suffice to
say it's far from a simple[*2] subject, and that the Debian policy
defaults make sudo secure. Regardless I've had to clean up problems
resulting from people degrading that security for a few seconds
convenience - with or without sudo :(   Something about fools,
fool-proofing and evolution?

Too often I find "users" running sudo without passwords, which is not
unlike the Windoof variation - without the inter-Windows (MS don't have
a product called "Windows" nor did they first use the term)
authentication, um, issues. (how a program in a Windows Window
"authenticates" with another Windows Window). Likewise the use of the
same password - or allowing "sudo su" (I'm presuming you can see the
security issues with that?[*3]).
I have no problems with "sudo su" not requiring a password in Knoppix or
other LiveCDs.

Did you notice in the examples I gave that I use "su -c"? :)

[*1]"sux" is what should be used if someone 'needs' X *and* root.
[*2] e.g. consider run level 1 logins... (rescue mode).
[*2] if the "user" don't need to supply a password to elevate
permissions - neither does anything/anyone else running/logged in under
user permissions. Convenient for installing socially engineered
root-kits... (download teh bestest wireless network cracker/celebrity
porn desktop slideshow/warez downloader now!)


Kind regards

More information about the linux mailing list