
Re: .Xauthority and kdm



On Mon, Jul 02, 2001 at 08:38:53AM -0500, ktb wrote:
> On Mon, Jul 02, 2001 at 03:22:59PM +0200, Joost Kooij wrote:
> > On Mon, Jul 02, 2001 at 03:03:02PM +0200, tim wrote:
> > > tim@tim:~$ su
> >                ^^^
> > 	    Where is the '-'?
> > 
> > Never "su", always "su -".  There is a reason for it.  It is not to
> > hassle you with having to change directories.  
> > 
> 
> Could you elaborate on the "reason?"  My understanding is when using "-" 
> you are dropped into a login shell and it is like you logged in as root 
> directly.  I've read many accounts where people say you shouldn't log in 
> as root but login as a regular user and then "su" to root.  Course a
> person should probably always "/bin/su" or "/bin/su -" to avoid trojans but

There are two issues here:

1.  "never login as root, use su instead"

This is a policy that many sites have, because you cannot see from the
logs who (actual person) logged in as root (on the console, but then some
sites even have telnet open for root).  If people use su, they have to
be logged in already as some user, which can be logged by su.  If there
are many people on your site who can become root, it can be nice to know
who copulated up the client's production server, yesterday at 17:30.

2.  "su -" gives you a login environment, "su" does not.

This issue is entirely orthogonal to the above one.  If you do not clear
the user environment and establish a regular root login shell, unexpected
things may happen, because of bad settings of environment variables
like HOME, USER, PATH, TMPDIR, LD_LIBRARY_PATH, LD_PRELOAD, DISPLAY,
to name a few.  These variables are in your environment precisely to
influence the way programs act and react.  Don't be careless about that.
If you run dpkg with a busted PATH setting, all installation scripts
called by dpkg will also run with this setting.  They might break,
and who's to blame?  You.

Cheers,


Joost
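
The check below is an added example, not part of the original message: it reports settings in the current shell that differ from a clean root login environment, covering the variables the message lists. The function names and the defaults (user "root", home "/root") are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the environment of a root shell.
# Assumed defaults: target user "root" with home directory "/root".

# path_findings PATHSTRING: print one line per PATH entry that is empty,
# ".", or relative. Such entries make command lookup depend on the
# directory root happens to be in.
path_findings() {
    pf_rest=$1:                      # trailing ":" so the last entry is seen
    while [ -n "$pf_rest" ]; do
        pf_dir=${pf_rest%%:*}        # text before the first colon
        pf_rest=${pf_rest#*:}        # text after the first colon
        case $pf_dir in
            ''|.) printf 'PATH: entry "%s" means the current directory\n' "$pf_dir" ;;
            /*)   ;;                 # absolute entry, nothing to report
            *)    printf 'PATH: relative entry "%s"\n' "$pf_dir" ;;
        esac
    done
}

# env_findings [USER] [HOME]: check the variables named in the message.
env_findings() {
    ef_user=${1:-root}
    ef_home=${2:-/root}
    [ "${HOME-}" = "$ef_home" ] || printf 'HOME: "%s", expected "%s"\n' "${HOME-}" "$ef_home"
    [ "${USER-}" = "$ef_user" ] || printf 'USER: "%s", expected "%s"\n' "${USER-}" "$ef_user"
    # Loader variables change which shared objects child processes load.
    [ -z "${LD_PRELOAD-}" ] || printf 'LD_PRELOAD: set to "%s"\n' "$LD_PRELOAD"
    [ -z "${LD_LIBRARY_PATH-}" ] || printf 'LD_LIBRARY_PATH: set to "%s"\n' "$LD_LIBRARY_PATH"
    # A carried-over TMPDIR or DISPLAY points root's programs at the
    # invoking user's temp directory or X server.
    [ -z "${TMPDIR-}" ] || printf 'TMPDIR: set to "%s"\n' "$TMPDIR"
    [ -z "${DISPLAY-}" ] || printf 'DISPLAY: set to "%s"\n' "$DISPLAY"
    path_findings "${PATH-}"
    return 0
}

# Report on the shell this script runs in; no output means no findings.
env_findings "$@"
```

Run it from the shell obtained with "su" and again from one obtained with "su -", and compare the two reports.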


