From: JJ on
Hi all

I needed to ask a question about the Linux commands used for getting
root access.

The question is, what is the difference between "tsu", "su", and
"sudo"?

I am mainly interested about the "tsu" command regarding which there
seems to be very little documentation.

What is the benefit in using e.g. "tsu" rather than "su"?

And are there other ones besides these 3? (If yes, any pointers to a
website discussing all of them would be appreciated.)

Thanks in advance,


From: Unruh on
JJ <santa(a)temporaryinbox.com> writes:

>Hi all

>I needed to ask a question about the Linux commands used for getting
>root access.

>The question is, what is the difference between "tsu", "su", and
>"sudo"?

Never heard of tsu. Not on my system.

>I am mainly interested about the "tsu" command regarding which there
>seems to be very little documentation.

So for something like securly logging in why in the world would you use
something for which you can find no docs? You look up the barrel of guns
to see if they are loaded while you pull the trigger as well?


>What is the benefit in using e.g. "tsu" rather than "su"?

For something like su, I would say there is no benefit.


>And are there other ones besides these 3? (If yes, any pointers to a
>website discussing all of them would be appreciated.)

???? What are you doing? There is a tool that is old, that has had a
huge amount of research done on it, that has had its security tested for
over a decade. And you want to use something that is unkown, is
undocumented and seems untested?

Note that sudo is very different from su. sudo is a program to allow a
user to run one single program ( or set of programs) and to give
individual users the permission to use only a small set of programs. su
is to log on as another user even while remaining logged on as the
original user. Some like Ubuntu feel that sudo is more secure, with no
evidence for that. It has its place.


>Thanks in advance,


From: Ian Northeast on
On Fri, 25 Sep 2009 21:19:52 -0700, JJ wrote:

> Hi all
>
> I needed to ask a question about the Linux commands used for getting root
> access.
>
> The question is, what is the difference between "tsu", "su", and "sudo"?
>
> I am mainly interested about the "tsu" command regarding which there seems
> to be very little documentation.
>
> What is the benefit in using e.g. "tsu" rather than "su"?
>
> And are there other ones besides these 3? (If yes, any pointers to a
> website discussing all of them would be appreciated.)

What is tsu? I have never heard of it and cannot find any reference to it.
In what distribution have you found it?

Su is the traditional tool for an administrator who knows the root
password to gain temporary root access. Sudo is normally used to grant
other users who do not know the root password the authority to execute
certain defined commands with root authority. It can also be useful when
writing automated scripts which need limited root authority.

Ubuntu (and possibly other distros) use sudo as the primary means for an
administrator to gain root access, which enables root to have no password
set. I am not convinced that this aids security.

There is also sux, found in many distros, which is like su but also passes
on the X credentials, useful if you need to run anything graphical as root.

You can write your own setuid programs (su and sudo are such; sux is just
a script which calls su). You need to be very careful that you do not
introduce any security vulnerabilities if you do so. Setuid scripts are
not allowed.

Regards, Ian
From: Martin Gregorie on
On Sat, 26 Sep 2009 10:03:20 +0100, Ian Northeast wrote:

> Su is the traditional tool for an administrator who knows the root
> password to gain temporary root access. Sudo is normally used to grant
> other users who do not know the root password the authority to execute
> certain defined commands with root authority. It can also be useful when
> writing automated scripts which need limited root authority.
>
> Ubuntu (and possibly other distros) use sudo as the primary means for an
> administrator to gain root access, which enables root to have no
> password set. I am not convinced that this aids security.
>
> There is also sux, found in many distros, which is like su but also
> passes on the X credentials, useful if you need to run anything
> graphical as root.
>
I found another just today - runuser. I'm not sure how useful this is but
am mentioning it for completeness. It changes the effective user id and
group id to that of 'USER'. There is no password prompt. If run as a non-
root user without privilege to set user ID, the command will fail. Like
bash and other shells you can use it to run a single command:

$ runuser -l USER -c "command args..."

so it can be useful for running commands under a different user: in
Fedora 10 the init.d script that starts the PostgreSQL database uses it
in preference to su and has a comment saying it must be used if SELinux
is installed and running. As I have SELinux disabled, I find its more or
less identical to:

$ su -l USER -c "command args..."


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
From: Wanna-Be Sys Admin on
Unruh wrote:

> ???? What are you doing? There is a tool that is old, that has had a
> huge amount of research done on it, that has had its security tested
> for over a decade. And you want to use something that is unkown, is
> undocumented and seems untested?

I've never heard of it either, and I often wonder why people tend to use
such things. I've seen a lot of people over the years just drop using
simple, secure, well tested, well documented tools/commands in lieu of
"new fun/hyped" tool (for no good reason, people often have to learn
now things (interfaces, languages, commands, output, bugs with it,
etc.). Really annoying to see (and have to deal with at work), but
people do it.
--
Not really a wanna-be, but I don't know everything.