-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 07/29/2010 12:22 PM, Boyd Stephen Smith Jr. wrote:
I understand your issues with all but the last one. A user may need
to "sudo su" due to configuration outside of their control. A system
that requires you to "sudo su" for some task is likely misconfigured,
but it is a useful tool to have around, as a user.
The rest are less useful, and generally imply a limited, incomplete,
or flawed understanding of one or more of the tools you are using.
I no longer configure my machines in a way that it allows a user to gain
full root via sudo. However, when I did, I found "sudo -i" to be more
appropriate than "sudo su" which seems to be more like "su -l". Of
course, you could always do "sudo su -l".
- From the manpage:
- -i The -i (simulate initial login) option runs the shell specified in
the passwd(5) entry of the user that the command is being run as.
The command name argument given to the shell begins with a ‘-’ to
tell the shell to run as a login shell. sudo attempts to change to
that user’s home directory before running the shell. It also ini‐
tializes the environment, leaving TERM unchanged, setting HOME,
SHELL, USER, LOGNAME, and PATH, and unsetting all other environment
variables. Note that because the shell to use is determined before
the sudoers file is parsed, a runas_default setting in sudoers will
specify the user to run the shell as but will not affect which
shell is actually run.