Using the command "su" to obtain root privileges is extremely risky, and may cause problems later that are not easily debugged if you are not familiar with the dangers.
Instead, when root privileges are needed, use "su --login", which may be abbreviated as "su -l", or just "su -".
To understand the difference and the danger of using just "su", without the hyphen, start with the man page for su. From that page, adding the --login option makes the su command different in that it ...
Start the shell as a login shell with an environment similar to a real login:
- clears all the environment variables except TERM and variables specified by --whitelist-environment
- initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH
- changes to the target user's home directory
- sets argv[0] of the shell to '-' in order to make the shell a login shell
With plain "su", the environment variables still refer to the original login id (tester in this case) instead of the root user ...
$ su
Password:
# env|grep tester|sort
LOGNAME=tester
MAIL=/var/spool/mail/tester
PWD=/home/tester
SCREENDIR=/home/tester/tmp
USER=tester
# exit
exit
$ su -
Password:
# env|grep tester|sort
#
What makes using su without the login option dangerous is that many programs use those environment variables to decide where to store their files. If a program is run that updates a file stored in ~/.config, then the configuration file for that program in the user's .config directory will become owned by root.
Later, after exiting from the su root shell, if the user runs that same program and does something that causes it to try to update its .config file, it will fail, since the regular user cannot update files owned by root.
The root owned files in the user's home directory will eventually cause problems that may be very difficult to debug.
Always remember to use "su -", never just "su".
If the mistake has already been made, it can be fixed with ...
su -
chown -Rc tester:tester /home/tester
The -c option to chown causes the command to show the changes it has made. If imap is used for mail, the mail directory will need to have its group changed back to mail with
chgrp -Rc mail ~/mail
There may be other changes needed for other applications, so check the output of the chown command carefully.
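Before running the recursive chown, it helps to see which files were actually affected. The following is an added example, not part of the original page: a shell helper that lists everything under a home directory not owned by the expected uid and counts the hits per top-level directory, which points at the program that was run under plain "su". The function names are hypothetical; the user tester and /home/tester follow the example above.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the page).

# foreign_owned DIR UID
# Print every entry under DIR whose owner is not UID.
# -xdev keeps find on the filesystem that holds DIR.
foreign_owned() {
    dir=${1%/}
    uid=$2
    find "$dir" -xdev ! -uid "$uid" -print
}

# foreign_by_topdir DIR UID
# Print "<count> <top-level name>" for the entries found above,
# e.g. "3 .config". DIR itself is reported as ".".
foreign_by_topdir() {
    dir=${1%/}
    foreign_owned "$dir" "$2" |
        awk -v p="$dir/" '
            {
                rel = substr($0, length(p) + 1)  # path relative to DIR
                sub(/\/.*/, "", rel)             # keep first component
                if (rel == "") rel = "."
                n[rel]++
            }
            END { for (k in n) print n[k], k }' |
        sort -k2
}

# Stand-alone use: sh script.sh /home/tester "$(id -u tester)"
if [ "$#" -ge 2 ]; then
    foreign_by_topdir "$1" "$2"
fi
```

An empty result means nothing in the home directory needs its owner changed back.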