For many years, things in the superuser world of Linux were ticking along nicely. Thanks to abilities that allowed us to separate commands meant for important system configuration, and checking our email. However one day back in 2017, it all went and got a little bit more complicated, albeit briefly.
OK, it was mainly a lack of understanding of the changes surrounding commands like
su, and admittedly a whole lot of stubbornness and unwillingness to
learn said changes! Eventually I got the hang of it, but to this day I still struggle to remember which is the correct way to gain elevated privileges to Linux depending
on the particular system I’m using.
So here’s a quick primer if you’re finding none of your commands work when using
su or some other unholy method of trying to get what you want. Since I prefer Debian
as my choice in Linux Distro these days (pitchforks down, please) I’ll focus there - but since it’s the daddy of many distributions, these lessons should carry over.
It’s always been about sudo
But of course you wouldn’t have problems if you just did things correctly right?! When it comes to Linux, well yes.
sudo is and always has been the way to temporarily
elevate privileges in order to run superuser commands. But for lazy admins like me, having to type it every time, really?
admin@some-host:~$ sudo apt-get update admin@some-host:~$ sudo apt-get upgrade admin@some-host:~$ sudo systemctl status filebeat admin@some-host:~$ sudo aghhhh!
It gets… repetitive. Still, it’s the safest way. It ensures you think about what you type - make sure all commands are necessary, correct and don’t format entire file systems.
But what if the Linux box we’re on isn’t a nuclear early warning system or flow regulator for your local hydroelectric dam, and we’re just using a development box that’s going to get blown away in 45 minutes, how can we skip the best practice crap and just let me type stuff which might break the planet?
Using su to get stuff done
If you really want to upset the Linux purists, using
su to plough through a bunch of systems commands will probably do it. Before Debian 9, this was easily achieved
using just the command
su with no parameters. Until one day, something changed.
The implementing of
su switched, which caused a number of changes. But they key one being that environment variables (specifically
$PATH), were no longer applied
when elevating a user.
admin@some-host:~$ su Password: root@some-host:/home/admin# ldconfig bash: ldconfig: command not found
As you can see, on a modern (Debian 9+) system, basic system commands cannot be found. The correct way to use
admin@some-host:~$ su - Password: root@some-host:~# ldconfig root@some-host:~#
- parameter is short for
--login, and effectively copies the environment of the real use to the elevated user. In most cases, this is what you want.
Can sudo do it?
Of course it can, and this is the way you probably should get used to. The equivalent command is
sudo -s, which is short for
--shell, and also invokes a new shell with the same environment as the real user who invokes it.