Re: two questions about su(1)

In reply to: Paul Vixie : "two questions about su(1)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Frank Leonhardt <freebsd-doc_at_fjl.co.uk>
Date: Fri, 27 Jun 2025 16:07:08 UTC

On 25/06/2025 21:26, Paul Vixie wrote:
> first, why is the -c check not applied until after a password is collected?
>
>> ➜  ~ su -c zsh
>> Password:
>> su: only root may use -c
> second, what exactly do we think this -c restriction is buying us?
>
>> ➜  ~ su
>> Password:
>> root@util:/home/vixie # exec zsh
>> util#

An observation, as others have answered:

SU is wrongly assumed to mean "Super User" by Linux types, instead of 
Switch User or Substitute User. From here, confusion as to its real 
purpose starts. Linux and Apple Unix (whatever it's called this month) 
favour sudo to allow non-root users to run things, which they believe is 
a better equivalent to su when in fact they're for different purposes. 
su MAY be used to switch to the root user, or also any other user. I 
don't want to get into which mechanism is better, other than to say it's 
obviously not sudo[1].

But if you think "Switch User", su makes a lot more sense.

[1] sudo has uses for auditing what multiple administrators do, although 
you can avoid the complexity and get better control using suid/sgid and 
wrappers.