Results 1 to 8 of 8

Thread: sudo su - versus sudo -i

  1. #1
    Join Date
    Jan 2005
    Location
    South Africa
    Beans
    2,098
    Distro
    Ubuntu 12.04 Precise Pangolin

    sudo su - versus sudo -i

    In a thread I suggested to use sudo su - to become root temporarily. I was advised that sudo -i would be a better choice.

    I'm very curious why that is the case. Threads that I've found omit the dash from the first command, so don't apply.

    Code:
    "var"               |"sudo su -"                                                    |"sudo -i"
    --------------------+---------------------------------------------------------------+--------------------------------------------------------------------------
    "SHELL"             |"/bin/bash"                                                    |"/bin/bash"
    "TERM"              |"linux"                                                        |"linux"
    "USER"              |"root"                                                         |"root"
    "LS_COLORS"         |                                                               |
    "MAIL"              |"/var/mail/root"                                               |"/var/mail/wim"
    "PATH"              |"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
    "PWD"               |"/root"                                                        |"/root"
    "LANG"              |"en_ZA.UTF-8"                                                  |"en_ZA.UTF-8"
    "SPEECHD_PORT"      |6560                                                           |6560
    "SHLVL"             |1                                                              |1
    "HOME"              |"/root"                                                        |"/root"
    "LOGNAME"           |"root"                                                         |"root"
    "LESSOPEN"          |"| /usr/bin/lesspipe %s"                                       |"| /usr/bin/lesspipe %s"
    "LESSCLOSE"         |"/usr/bin/lesspipe %s %s"                                      |"/usr/bin/lesspipe %s %s"
    "_"                 |"/usr/bin/env"                                                 |"/usr/bin/env"
    --------------------+---------------------------------------------------------------+--------------------------------------------------------------------------
    "XDG_SESSION_COOKIE"|"a7a40db8cf4c937acb049b764d08c288-1312375570.325101-1940988668"|
    "SUDO_USER"         |                                                               |"wim"
    "SUDO_UID"          |                                                               |1000
    "USERNAME"          |                                                               |"root"
    "SUDO_GID"          |                                                               |1000
    Highlighted in red are the differences in the environment (mail, path and the 5 lines at the end). Please explain to me why sudo -i is the better choice.
    If you don't make backups of your important data, your data is obviously not important to you.

  2. #2
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: sudo su - versus sudo -i

    You are correct , the difference is with the resulting environmental variables.

    sudo -i is "cleaner"

    See: http://ubuntuforums.org/showpost.php...26&postcount=4

    If you have your user environmental variables it can cause either a (minor) security risk or ownership of your files in your home directory owned by root, which from time to time causes breakage, you will see it come up about once a month on these forums.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #3
    Join Date
    Jan 2005
    Location
    South Africa
    Beans
    2,098
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: sudo su - versus sudo -i

    That post does not cover the specific command that I use. Note the dash at the end of sudo su - which (according to man su) sets the correct environment.
    The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly.
    And from the results I showed, I don't see root's environmental variables being corrupted.

    It sets a cleaner path () as root does not play games And one can actually say that sudo -i corrupts root's mail variable.

    But that might be nitpicking (or whatever it is called in english).
    If you don't make backups of your important data, your data is obviously not important to you.

  4. #4
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: sudo su - versus sudo -i

    The behavior of sudo -i and su - is well documented in man sudo and man su, respectively.

    When you run sudo su -, you use two different setuid root commands. It's much harder to predict which variables will be reset and which will be kept.

  5. #5
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: sudo su - versus sudo -i

    Quote Originally Posted by Wim Sturkenboom View Post
    It sets a cleaner path () as root does not play games And one can actually say that sudo -i corrupts root's mail variable.

    But that might be nitpicking (or whatever it is called in english).
    According to the man page sudo -i leaves DISPLAY and TERM unchanged and sets HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems.

    In Ubuntu, by default, the PATH is set in /etc/environment.

    Not sure why didn't reset MAIL for you, it works here as expected.
    Last edited by sisco311; August 3rd, 2011 at 08:08 PM.

  6. #6
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: sudo su - versus sudo -i

    Quote Originally Posted by Wim Sturkenboom View Post
    That post does not cover the specific command that I use. Note the dash at the end of sudo su - which (according to man su) sets the correct environment.


    And from the results I showed, I don't see root's environmental variables being corrupted.

    It sets a cleaner path () as root does not play games And one can actually say that sudo -i corrupts root's mail variable.

    But that might be nitpicking (or whatever it is called in english).
    You can use what you like. I was merely answering your question

    Quote Originally Posted by Wim Sturkenboom View Post
    Please explain to me why sudo -i is the better choice.
    So while you may agree or disagree, I am not interested in debating the issue, and most (not all) people advise sudo -i for the reasons I cited.

    With that, I consider your question asked and answered.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #7
    Join Date
    Jan 2005
    Location
    South Africa
    Beans
    2,098
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: sudo su - versus sudo -i

    Quote Originally Posted by sisco311 View Post
    Not sure why didn't reset MAIL for you, it works here as expected.
    Just checked on another system withe the same 64 bit 10.04 LTS). 'mail' is not even set when I use sudo -i (but is with sudo su -) ??

    Something funny going on.
    If you don't make backups of your important data, your data is obviously not important to you.

  8. #8
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: sudo su - versus sudo -i

    Quote Originally Posted by Wim Sturkenboom View Post
    Just checked on another system withe the same 64 bit 10.04 LTS). 'mail' is not even set when I use sudo -i (but is with sudo su -) ??

    Something funny going on.
    That is not the way my system works either, sudo -i and sudo su - both set $MAIL.

    Check your config files (.bashrc to start with, perhaps /etc/sudoers as well).
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •