Miscellaneous > The Lounge
MES FAQ is a success!
TheQuirk:
Heh, it changed "su <your-usual-account>" to "su. . ."
Oh well, I'm replacing it with "exit."
voidmain:
And another tip for the n00bs, a <CTRL>+d will do the same thing as typing "exit" in most cases. I use it in place of "exit" when getting back to my normal user after an "su -" or for just closing a shell/terminal window in general. If you are multiple shell levels deep just keep pressing "d" while holding the <CTRL> key and it is a quick way to exit out of all of them. You can also use it to log out of a remote ssh/telnet session (only if you are at a blank shell prompt).
[ December 05, 2002: Message edited by: void main ]
DC:
quote:Originally posted by TheQuirk:
Someone sent me an email about that and I'm correcting it as we speak. . . Bah, it was you?
[ December 05, 2002: Message edited by: TheQuirk ]
--- End quote ---
Dunno - I did send a mail, but I don't know if it's the one you're referring to.
But good, it is corrected. The MES FAQ is cool again.
I did send the mail some weeks ago though. It is quite a security risk to su to a normal account as root though, so I wanted it changed.
voidmain:
quote:Originally posted by DC:
It is quite a security risk to su to a normal account as root though, so I wanted it changed.
--- End quote ---
Why? I do it all the time, although not for the reasons that were used in the FAQ which were the wrong reasons. For instance you may have certain special IDs that you need to run commands under that are normally locked from login access. Like my Amanda backup software runs under the user "operator" and some commands should be run as that user (like erasing tapes, cataloging functions etc). When you su from root to a normal user you are entering a shell with limited privilages, not elevated privilages. I could easily make the case how this is more secure by running commands under another user account that I su'ed to from root rather than running them directly under root.
You can become that user and run the commands under that user easily if you are already root. You don't want to give that user login access and set a password for it because that *will* reduce security. And you certainly don't want to have these processes run under the root ID if you don't have to (especially if they have network daemons which Amanda does).
Another good reason for doing it is if you are trouble-shooting user issues. It is not good security practice to make your users give you their passwords but you can "become" them by su'ing to their ID and trouble-shoot issues that occur under their ID.
But certainly you don't want to use it to get back to your own ID after becoming root with the "su" command, that indeed is... um... I won't say.
[ December 06, 2002: Message edited by: void main ]
Kintaro:
quote:Originally posted by TheQuirk:
Heh, it changed "su <your-usual-account>" to "su. . ."
Oh well, I'm replacing it with "exit."
--- End quote ---
I'd replace it with {CTRL-D}
Navigation
[0] Message Index
[*] Previous page
Go to full version