On 27/11/2012 7:39 PM, Hunkeler Peter (KIUP 4) wrote:
Why do you do a "su -" instead of simply "su"? I consider the dash option to be useful only when switching to another identity as in "su - another.userid". You're changing the MVS userid as well as the UNIX uid, so it is sensible to also setup the shell environment to lokk as if you had logged in with that userid.
"su -" is considered good practice in other unix environments because root's environment is likely to be quite different to a normal user's environment.
Typically the directories in the PATH are much more restrictive, and there may be directories added that contain programs that are only used by root e.g. /usr/sbin. A regular user might have the current directory in their PATH, root should not.
It is considered a security exposure if any directory (or any of the parent directories) in root's PATH is writable by a non-root user.
So "su -" is good practice to ensure that you get an environment that is intended for use with UID 0.
Regards Andrew Rowley -- [email protected] +61 413 302 386 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
