what is the difference between "tsu", "su" and "sudo"?

Discussion:

(too old to reply)

2009-09-26 04:19:52 UTC

Hi all

I needed to ask a question about the Linux commands used for getting
root access.

The question is, what is the difference between "tsu", "su", and
"sudo"?

I am mainly interested about the "tsu" command regarding which there
seems to be very little documentation.

What is the benefit in using e.g. "tsu" rather than "su"?

And are there other ones besides these 3? (If yes, any pointers to a
website discussing all of them would be appreciated.)

Thanks in advance,

Unruh

2009-09-26 06:26:49 UTC

Permalink

Post by JJ
Hi all
I needed to ask a question about the Linux commands used for getting
root access.
The question is, what is the difference between "tsu", "su", and
"sudo"?

Never heard of tsu. Not on my system.

Post by JJ
I am mainly interested about the "tsu" command regarding which there
seems to be very little documentation.

So for something like securly logging in why in the world would you use
something for which you can find no docs? You look up the barrel of guns
to see if they are loaded while you pull the trigger as well?

Post by JJ
What is the benefit in using e.g. "tsu" rather than "su"?

For something like su, I would say there is no benefit.

Post by JJ
And are there other ones besides these 3? (If yes, any pointers to a
website discussing all of them would be appreciated.)

???? What are you doing? There is a tool that is old, that has had a
huge amount of research done on it, that has had its security tested for
over a decade. And you want to use something that is unkown, is
undocumented and seems untested?

Note that sudo is very different from su. sudo is a program to allow a
user to run one single program ( or set of programs) and to give
individual users the permission to use only a small set of programs. su
is to log on as another user even while remaining logged on as the
original user. Some like Ubuntu feel that sudo is more secure, with no
evidence for that. It has its place.

Post by JJ
Thanks in advance,

Wanna-Be Sys Admin

2009-09-26 22:20:02 UTC

Permalink

Post by Unruh
???? What are you doing? There is a tool that is old, that has had a
huge amount of research done on it, that has had its security tested
for over a decade. And you want to use something that is unkown, is
undocumented and seems untested?

I've never heard of it either, and I often wonder why people tend to use
such things. I've seen a lot of people over the years just drop using
simple, secure, well tested, well documented tools/commands in lieu of
"new fun/hyped" tool (for no good reason, people often have to learn
now things (interfaces, languages, commands, output, bugs with it,
etc.). Really annoying to see (and have to deal with at work), but
people do it.

--
Not really a wanna-be, but I don't know everything.

2009-09-28 09:16:13 UTC

Permalink

Post by Unruh

Post by JJ
Hi all
I needed to ask a question about the Linux commands used for getting
root access.
The question is, what is the difference between "tsu", "su", and
"sudo"?

Never heard of tsu. Not on my system.

Could it be a utility on Sun systems? Something to do with art, or war?

FP

Wanna-Be Sys Admin

2009-09-28 09:49:15 UTC

Permalink

Post by FP
Could it be a utility on Sun systems? Something to do with art, or war?
FP

Nice.

--
Not really a wanna-be, but I don't know everything.

Ian Northeast

2009-09-26 09:03:20 UTC

Permalink

Post by JJ
Hi all
I needed to ask a question about the Linux commands used for getting root
access.
The question is, what is the difference between "tsu", "su", and "sudo"?
I am mainly interested about the "tsu" command regarding which there seems
to be very little documentation.
What is the benefit in using e.g. "tsu" rather than "su"?
And are there other ones besides these 3? (If yes, any pointers to a
website discussing all of them would be appreciated.)

What is tsu? I have never heard of it and cannot find any reference to it.
In what distribution have you found it?

Su is the traditional tool for an administrator who knows the root
password to gain temporary root access. Sudo is normally used to grant
other users who do not know the root password the authority to execute
certain defined commands with root authority. It can also be useful when
writing automated scripts which need limited root authority.

Ubuntu (and possibly other distros) use sudo as the primary means for an
administrator to gain root access, which enables root to have no password
set. I am not convinced that this aids security.

There is also sux, found in many distros, which is like su but also passes
on the X credentials, useful if you need to run anything graphical as root.

You can write your own setuid programs (su and sudo are such; sux is just
a script which calls su). You need to be very careful that you do not
introduce any security vulnerabilities if you do so. Setuid scripts are
not allowed.

Regards, Ian

Martin Gregorie

2009-09-26 16:34:48 UTC

Permalink

Post by Ian Northeast
Su is the traditional tool for an administrator who knows the root
password to gain temporary root access. Sudo is normally used to grant
other users who do not know the root password the authority to execute
certain defined commands with root authority. It can also be useful when
writing automated scripts which need limited root authority.
Ubuntu (and possibly other distros) use sudo as the primary means for an
administrator to gain root access, which enables root to have no
password set. I am not convinced that this aids security.
There is also sux, found in many distros, which is like su but also
passes on the X credentials, useful if you need to run anything
graphical as root.

I found another just today - runuser. I'm not sure how useful this is but
am mentioning it for completeness. It changes the effective user id and
group id to that of 'USER'. There is no password prompt. If run as a non-
root user without privilege to set user ID, the command will fail. Like
bash and other shells you can use it to run a single command:

$ runuser -l USER -c "command args..."

so it can be useful for running commands under a different user: in
Fedora 10 the init.d script that starts the PostgreSQL database uses it
in preference to su and has a comment saying it must be used if SELinux
is installed and running. As I have SELinux disabled, I find its more or
less identical to:

$ su -l USER -c "command args..."

--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |

Nix

2009-09-27 09:11:27 UTC

Permalink

Post by Ian Northeast
There is also sux, found in many distros, which is like su but also passes
on the X credentials, useful if you need to run anything graphical as root.

This is presumably obsolete now that we have pam_xauth.

Nico Kadel-Garcia

2009-09-27 11:43:33 UTC

Permalink

Post by Nix

Post by Ian Northeast
There is also sux, found in many distros, which is like su but also passes
on the X credentials, useful if you need to run anything graphical as root.

This is presumably obsolete now that we have pam_xauth.

sudo has also correctly handled this for years. In most instances, I
prefer sudo for its subtlety of available optioins, and prefer sudo
for its ability to allow designated users very specific administrative
privileges, using their own passwords, rather than giving them a local
root privilege. It helps me avoid having to write suid programs, as
well.