su - is sometimes even unknown to younger folks); Meanwhile doas was named (which I prefer & use sometimes), but also super exists.
sudo privileges on Ubuntu or LM, all I had to do was add the user to the "sudo" group. I don't know if that works on FreeBSD because I don't install sudo on FreeBSD. Never liked sudo much, and consider it an unecessary security risk. Would uninstall it on Linux if I ever wanted to use Linux for anything serious, but I don't, so I haven't bothered with it. sudo passwd so I can then change the root password to something I know, and quit using sudo in favor of using su.
Uncomment this line in sudoers:
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALLYou can actually configure sudo(8) to ask for root's password instead of the user's password.
rootpw If set, sudo will prompt for the root password instead
of the password of the invoking user when running a
command or editing a file. This flag is off by
default.ALL=(ALL) ALL, that's fine if it's your own system, not so great if you only need to allow specific users some limited access to restart a service for example.Never actually used doas(1) but I don't think one is better than the other. sudo(8) is more commonly used, and has been for a long time, so there's plenty of tips, tricks and pitfalls to find for it. doas(1) is more like the new kid on the block.
Both do their job. The license of doas looks exactly like I want a license to look, while the one of sudo leaves me with questions and cause me frowning:
I've never actually tried that (yet), but it might be worth mentioning that, before doing so, we should probably use
sudo passwd (i.e., sudo passwd root), to change the root password to a password we know, to avoid hamstringing ourselves. su. su -m, i.e., su - m root, which gives you an id=0 without changing your SHELL or HOME directory. To that end, I usually modify .shrc (or, in Linux-land, .bashrc), to change the command prompt suffix from "$" to "#", with an if... then... else... statement, like the following:
if [ "$(id -u)" = "0" ]; then PS1="(\u@\h \w)# "; else PS1="(\u@\h \w)$ "; fiThe sudo license is basically ICS style, which is equivalent to BSD or MIT, but with less unnecessary words in it.
Why I always switch to root with
su - (means: "want the complete root environment"): As long as you're working with some command line tools everything is okay, but if you're using f.e. something like Midnight Commander: If your user hasn't started it before you'll get configuration files owned by root inside the users home directory. Such things can have strange effects (f.e. a user unable to use and/or configure this program). Or if the config is present:jo@freya ~> /usr/bin/su -m tester
Password:
tester@freya ~> whoami
tester
tester@freya ~> echo $HOME
/home/jo
tester@freya ~> mc
Failed to run:
Cannot create /home/jo/.local/share/mc directory
tester@freya ~>Good points. I don't use Midnight Commander, and in general don't use root to run anything unless it's absolutely necessary. Want to see the "#" command line suffix mainly to remind myself to type
exit as soon as possible, and to deliberately lose the root privileges just as soon as they're no longer needed for what I'm doing. Using su -m mainly to preserve the present working directory; sometimes prefer to use something like cd path; su - m root -c "tar -xzpf sometarfile.tgz" just to save myself from having to remember to type exit.I'm also working with the prompt:
autoload -Uz colors && colors
autoload -Uz promptinit && promptinit # Advanced prompt support
prompt off # disable default prompt
setopt PROMPT_SUBST # Allow custom prompt
PROMPT='$fg[red]HOST:%n: $fg[default]%d #' su -m is that it will preserve all environment variables. Maybe sudo and/or doas can do that too. I don't know, and am content to use su -m. Yet another advantage? Ready-to-go right out-of-the-box, without installing any additional software on FreeBSD, Linux, or Mac OS X.