In one of his responses to the thread "thundebird preferences tab", Bit Twister responded ....

Quote
It is pretty straight forward. "su -" and "su - root" will use root's environment and just su will use whoever issues the "su". As a result
of just su, any files modified/created will be owned by root, not the user.
End Quote.

To (poor, undereducated) Me, this implies that if I had three users on
this HP Laptop (say "Daniel", "Junk" and "Test") and I, as "Junk", call
up "su -" or "su - root" (and then enter the root password, I guess),
any system changes I made would be applied to all three users whereas,
if I, as "Junk", call up "su" (and then enter the root password), any
changes I made would *ONLY* be applied to the "Junk" account.

Is my understanding correct??

'Cause it just doesn't seem to make sense to me that the "su" (with no limiting factor) is more limited than either "su -" and/or "su - root".

Maybe one day I'll get it! ;-P Maybe in the New Year which, hopefully,
will be a happier year than this one has been!!
--
Daniel

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Wed, 30 Dec 2020 17:43:58 +1100, Daniel65 wrote:

In one of his responses to the thread "thundebird preferences tab", Bit Twister responded ....

Quote
It is pretty straight forward. "su -" and "su - root" will use root's environment and just su will use whoever issues the "su". As a result
of just su, any files modified/created will be owned by root, not the user. End Quote.

To (poor, undereducated) Me, this implies that if I had three users on
this HP Laptop (say "Daniel", "Junk" and "Test") and I, as "Junk", call
up "su -" or "su - root" (and then enter the root password, I guess),

No guessing here. Fact, you will need to enter root's password.

any system changes I made would be applied to all three users whereas,

This conversation is not about system changes. It is really about what
happens when "su" is used and root runs some user type application.

if I, as "Junk", call up "su" (and then enter the root password), any
changes I made would *ONLY* be applied to the "Junk" account.

That is really a general statement and depends on what is being executed.

Is my understanding correct??

but, generally speaking correct. The devil is in the details.

'Cause it just doesn't seem to make sense to me that the "su" (with no limiting factor) is more limited than either "su -" and/or "su - root".

You are absolutely correct in that root privileges are the same regardless
of method, "su", "su -", "su - root"


What you have to understand is that "su -" and "su - root" will set/use
root's environment variables, for example $HOME will be /root whereas
"su" exectued in junk's account will have a value of /home/junk.

And that, is where problems are created. For example you edit some file
as "su", any configuration files/directories could become owned by root,
not junk.

For example you might be editing /etc/hosts, but that activity
may/will add an entry in the editor's recent list. When that happens
that file will be owned by root, not junk. As a result, any edits by junk
will not have entries in the editor recent list from that point forward.

Whatever application launched can cause changes in /home/junk/(.config/*, ..cache/*, .local/*, tmp/*, ...) causing those files/directories to owned
by root. :(

Just for fun log in as junk, click up a terminal and run
env | sort > /var/tmp/junk.env
su
{root pw here}
env | sort > /var/tmp/su.env
exit
su -
{root pw here}
env | sort > /var/tmp/root.env

diff /var/tmp/junk.env /var/tmp/su.env
diff /var/tmp/su.env /var/tmp/root.env
rm /var/tmp/*.env


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 30/12/20 6:37 pm, Bit Twister wrote:

And that, is where problems are created. For example you edit some file
as "su", any configuration files/directories could become owned by root,
not junk.

I think that I understand this. I usually approach the issue from a
slightly different perspective.

If I am in /home/junk, and run "su -" the prompt changes to a root
prompt in the top level [/].

If on the other hand, I run simply "su", I have a root prompt, but my
place in the directory tree is unchanged. That is what I want if, for
example, have a sudden.momentary need to change a file's permissions.
Either way, I have the full powers of the root user, and can change any
file on my system.

If I am logged in as "junk" and want to be logged in as "doug," I run
"su - doug."

Am I right?

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

On Thu, 31 Dec 2020 22:45:18 +1100, Doug Laidlaw wrote:

On 30/12/20 6:37 pm, Bit Twister wrote:

And that, is where problems are created. For example you edit some file
as "su", any configuration files/directories could become owned by root,
not junk.

I think that I understand this. I usually approach the issue from a
slightly different perspective.

If I am in /home/junk, and run "su -" the prompt changes to a root
prompt in the top level [/].

If on the other hand, I run simply "su", I have a root prompt, but my
place in the directory tree is unchanged. That is what I want if, for example, have a sudden.momentary need to change a file's permissions.
Either way, I have the full powers of the root user, and can change any
file on my system.

If I am logged in as "junk" and want to be logged in as "doug," I run
"su - doug."

Am I right?

You are correct as far as what happens when using each of your su examples,
but you are not looking at what the Original Poster is wanting to understand.

The point is, applications use environment variables for the location of directories/files they use/modify. Those user directories/files can become owned by root if "su" is used instead of "su -" or "su - root".

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 31/12/20 11:45 pm, Bit Twister wrote:

The point is, applications use environment variables for the location of directories/files they use/modify. Those user directories/files can become owned by root if "su" is used instead of "su -" or "su - root".

To reinstall VirtualBox, I follow Dave's advice and reinstall the
extension pack as root. He said to use "su -", but recently, I haven't bothered. Usually plain "su means that the current entry in ~/.config/Virtualbox becomes owned by root, and I have to change it back.

Another example is setting up the nVidia driver from XFdrake started
from MCC. There is an option to test the setup. I avoid that, because
if I try, the .Xauthority file in my home directory can become owned by
root, and X won't start as it should.

These sound like examples of what you mean.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

On Thu, 31 Dec 2020 23:59:26 +1100, Doug Laidlaw wrote:

On 31/12/20 11:45 pm, Bit Twister wrote:

The point is, applications use environment variables for the location of
directories/files they use/modify. Those user directories/files can become >> owned by root if "su" is used instead of "su -" or "su - root".

To reinstall VirtualBox, I follow Dave's advice and reinstall the
extension pack as root. He said to use "su -", but recently, I haven't bothered. Usually plain "su means that the current entry in ~/.config/Virtualbox becomes owned by root, and I have to change it back.

Another example is setting up the nVidia driver from XFdrake started
from MCC. There is an option to test the setup. I avoid that, because
if I try, the .Xauthority file in my home directory can become owned by
root, and X won't start as it should.

These sound like examples of what you mean.

Yes, those are good examples.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 12/31/20 8:13 AM, Bit Twister wrote:

On Thu, 31 Dec 2020 23:59:26 +1100, Doug Laidlaw wrote:

On 31/12/20 11:45 pm, Bit Twister wrote:

The point is, applications use environment variables for the location of >>> directories/files they use/modify. Those user directories/files can become >>> owned by root if "su" is used instead of "su -" or "su - root".

To reinstall VirtualBox, I follow Dave's advice and reinstall the
extension pack as root. He said to use "su -", but recently, I haven't
bothered. Usually plain "su means that the current entry in
~/.config/Virtualbox becomes owned by root, and I have to change it back.

Another example is setting up the nVidia driver from XFdrake started
from MCC. There is an option to test the setup. I avoid that, because
if I try, the .Xauthority file in my home directory can become owned by
root, and X won't start as it should.

These sound like examples of what you mean.

Yes, those are good examples.

Let me try this as an example where I believe things can go horribly wrong:

Since the OP mentioned Thunderbird, let's talk about that. One of the
things about Thunderbird/Firefox is that they overwrite the
configuration upon closing, saving any changes that were made in the
last session.

If the user was dumb enough to run T-bird as root, then the newly
rewritten config file (I believe it's prefs.js, but don't trust that)
will be owned by root.

If the user had used "su -" or "su - root" then that configuration is
saved in root's home directory, and there's "probably" no harm done.

But, if the user had used "su" then that configuration would be saved in
the user's home directory, now belonging to root, and depending on the permissions, probably can't be changed by the user any more.

Is that more or less correct, Bit?

TJ

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Thu, 31 Dec 2020 10:22:47 -0500, TJ wrote:

On 12/31/20 8:13 AM, Bit Twister wrote:

On Thu, 31 Dec 2020 23:59:26 +1100, Doug Laidlaw wrote:

On 31/12/20 11:45 pm, Bit Twister wrote:

The point is, applications use environment variables for the location of >>>> directories/files they use/modify. Those user directories/files can become
owned by root if "su" is used instead of "su -" or "su - root".

To reinstall VirtualBox, I follow Dave's advice and reinstall the
extension pack as root. He said to use "su -", but recently, I haven't
bothered. Usually plain "su means that the current entry in
~/.config/Virtualbox becomes owned by root, and I have to change it back. >>>
Another example is setting up the nVidia driver from XFdrake started
from MCC. There is an option to test the setup. I avoid that, because
if I try, the .Xauthority file in my home directory can become owned by
root, and X won't start as it should.

These sound like examples of what you mean.

Yes, those are good examples.

Let me try this as an example where I believe things can go horribly wrong:

Since the OP mentioned Thunderbird, let's talk about that. One of the
things about Thunderbird/Firefox is that they overwrite the
configuration upon closing, saving any changes that were made in the
last session.

If the user was dumb enough to run T-bird as root, then the newly
rewritten config file (I believe it's prefs.js, but don't trust that)
will be owned by root.

If the user had used "su -" or "su - root" then that configuration is
saved in root's home directory, and there's "probably" no harm done.

But, if the user had used "su" then that configuration would be saved in
the user's home directory, now belonging to root, and depending on the permissions, probably can't be changed by the user any more.

Is that more or less correct, Bit?

The dissertation is more correct, except for the ""probably can't be changed" statement. The files become owned by root and will require root privs
to change them back to the user.

Do keep in mind that the "su" affects whatever is executed in that terminal. Launching anything from another terminal, desktop shortcut, menu... will
be executed as user, not root.

Exception, is launching another terminal from the "su" terminal.
Running "whoami" in that new terminal will show root.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 31.12.2020 at 22:45, Doug Laidlaw scribbled:

On 30/12/20 6:37 pm, Bit Twister wrote:

And that, is where problems are created. For example you edit some
file as "su", any configuration files/directories could become
owned by root, not junk. =20

=20
I think that I understand this. I usually approach the issue from a=20 slightly different perspective.
=20
If I am in /home/junk, and run "su -" the prompt changes to a root=20
prompt in the top level [/].

That's not right. If it does that on your system, then there's a misconfiguration somewhere. If you run...

$ su -

.... then your working directory _should_ be "/root", not "/". If it's
"/", then that means that your root account uses "/" as its home
directory, and that its ".bash_history" will be stored there, as
opposed to under "/root".

This was effectively the case for a number of root-owned processes in
earlier Mageia releases (such as "mail" when invoked by "msec") =E2=80=94 t= hey
wrote their output to the root directory "/" =E2=80=94 but I would have tho= ught
that the Mageia devs had fixed that by now.



Disclaimer: I am not running Mageia =E2=80=94 I've been using Manjaro for o= ver
a year and a half now, and I am a moderator at the Manjaro
forum =E2=80=94 so I cannot verify whether what you say is true.


--=20
With respect,
=3D Aragorn =3D


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Strider (2:250/1@fidonet)

$ su -

... then your working directory _should_ be "/root", not "/". If it's
"/", then that means that your root account uses "/" as its home
directory, and that its ".bash_history" will be stored there, as
opposed to under "/root".

[faeychild@unimatrix PROCESSING]$ su -
Password:
[root@unimatrix ~]# pwd
/root
[root@unimatrix ~]#

Correct Aragorn :-)

regards

--
faeychild
Running plasmashell 5.15.4 on 5.7.19-desktop-3.mga7 kernel.
Mageia release 7 (Official) for x86_64 installed via Mageia-7-x86_64-DVD.iso


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

Doug Laidlaw wrote on 31/12/20 22:45:

On 30/12/20 6:37 pm, Bit Twister wrote:

And that, is where problems are created. For example you edit some file
as "su", any configuration files/directories could become owned by root,
not junk.

I think that I understand this.

<Snip>

Doug, without wanting to be derogatory towards you in any manner, I'm
pleased to see you start your reply this way.

IF Bit Twister's and Aragorn's knowledge were to be 747's or Satellites
flying waaayyyy over my head, you, Doug, would at least be at least
Biplane, a goodly height above me.

I've just read the replies here, thanks everybody, .... and will have to re-read them before I might make sense of them.

Well, maybe after a re-re-read!! Except to know my original thinking is *WRONG* !!
--
Daniel

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)