22

Why is one preferred over the other in this example?

sudo su
echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/iwlwifi.conf
exit

Please provide links to Ubuntu documentation.

chili555
  • 60,188

3 Answers3

17

The sudo su command stands for "switch user", and allows you to become another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

The ‑i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's ‑c option. If no command is specified, an interactive shell is executed.

Source:ManPage

Manuel Jordan
  • 1,768
  • 7
  • 30
  • 50
Mitch
  • 107,631
  • 1
    "Using su creates security issue, and is essentially dangerous." What? – OrangeDog Aug 12 '13 at 08:41
  • That's completely unrelated to using su. – OrangeDog Aug 12 '13 at 09:08
  • 1
    If you run sudo su you are asked for your password, not the root password. The root user doesn't even need to have a password. Regardless, if an admin is using the root password, that doesn't imply that all the regular users know it. – OrangeDog Aug 12 '13 at 09:51
  • 2
    No, it will not. sudo runs su as root, and root can su to any user without knowing their password. Fundamental misunderstandings about how the system works deserve a downvote IMO. – OrangeDog Aug 12 '13 at 10:26
  • @OrangeDog I had some confusion. I have changed the answer to reflect that. – Mitch Aug 12 '13 at 10:29
  • 3
    And deleting your comments just adds to the confusion. – OrangeDog Aug 12 '13 at 10:29
  • I guess that was a mistake. Can you delete yours? :) – Mitch Aug 12 '13 at 10:30
  • 1
    You're not making it much better. sudo -i won't ask for root's password either, so it's not relevant to the question. – OrangeDog Aug 12 '13 at 10:32
16

sudo su only changes the current user to root. Environment settings (like PATH) remain the same.

sudo -i creates a fresh environment as if root had just logged in.

The difference is more noticeable if you use other users. After sudo su bob you will be bob, but in the same place. After sudo -i -u bob you will be bob, in bob's home directory, with bob's default shell and with bob's .profile and any other login scripts having been run.

See man sudo for more details of what -i does. Unfortunately, man su is light on details.

Found a version of man su (from login-1:4.1.4.2+svn3283-3ubuntu5.1) that has the following to say:

$PATH reset according to the /etc/login.defs options ENV_PATH or ENV_SUPATH (see below);

$IFS reset to “<space><tab><newline>”, if it was set.

Note that the default behavior for the environment is the following:

The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment variables are reset.

If --login is not used, the environment is copied, except for the variables above.

If --login is used, the $TERM, $COLORTERM, $DISPLAY, and $XAUTHORITY environment variables are copied if they were set.

Other environments might be set by PAM modules.

So whether and to what extent sudo su changes the environment depends on your distribution and setup. Thus sudo -i is theoretically more portable.

OrangeDog
  • 861
  • su does change environment settings, and can be used to simulate a login using - or -l. Even without -l, $PATH is changed. Test these claims before making them! (Did you mean that PWD remains the same?) – Kyle Strand Feb 25 '15 at 16:51
  • 1
    The real question is, is there a difference between sudo su - and sudo -i? – Kyle Strand Feb 25 '15 at 16:52
  • sudo su doesn't run .profile (it hasn't logged in) or .bashrc (it hasn't started bash) or anything, so how would it change PATH? – OrangeDog Feb 25 '15 at 17:00
  • Obviously it changes USER and HOME (and SUDO_COMMAND), I guess it must pull from /etc/passwd, but I dont' see (and haven't during testing) how PATH can change. – OrangeDog Feb 25 '15 at 17:03
  • 1
    You're clearly putting some thought into this and actually doing some testing in the shell, so I apologize for my snippy "test these claims" comment. That said, on my system I do observe that $PATH is changed when I use su without sudo (using the root password). According to info su (which might be a better thing to link to in your answer), su does indeed read the password entry for the user you're becoming. Possibly the $PATH change I'm observing is system-dependent (I'm on Debian 7). – Kyle Strand Feb 25 '15 at 17:17
  • Thanks. According to that, su changes HOME, USER, LOGNAME and SHELL. sudo su changes SUDO_COMMAND and USERNAME (to root) as well. If the shell of the user you're switching to is different to the current shell, it will have to start it, causing its rc file to run. – OrangeDog Feb 25 '15 at 17:20
  • 1
    Hmmm. My man su (which is longer than the one you linked to) says that it's part of shadow-utils 4.1.5.1. My man page also says that $PATH is set even if --preserve-environment is used. So I guess it really is just a difference between different versions of su. – Kyle Strand Feb 25 '15 at 17:34
  • 1
    The behaviour is also affected by your PAM configuration. /etc/pam.d/sudo and /etc/pam.d/su may be set up to do completely different or exactly the same things. – OrangeDog Jun 21 '19 at 09:23
10

The main problem is one of (not so) sane environment settings.

Using sudo su the new shell gets its environment from the user who issues the command - which may be problematic.

With sudo -i you get a clean root shell.

See Special notes on sudo and shells

Remains to observe that it is rarely necessary at all to create a root shell.

guntbert
  • 13,134