"su -" vs direct root login
 

What are the differences between "su -" in a GUI terminal and directly logging in as root in a text mode terminal (tty1-tty6)? Any environment, path or other functionality differences?

the - makes it a full login shell, so there should be no difference at all in your abilites.

As an aside to your question - its not good practice to login as root directly.

For security/safety purposes always login as a "normal" user with sudoers priveleges and use a combination of sudo and su - to execute super user commands.

Many will say its a schlep to do the above but believe me you will not be happy once you do something by mistake that destroys your system ;)

if i run a command that destroys the system, whats the diff if its ran as root directly or via su - ???

No difference, it's just safer to su - . If done properly, you execute whatever commands you have permissions to as a normal user, and when you need to, su - , execute the root commands, then exit. If you log in directly as root, the temptation is to run all commands as root, leaving yourself open to... well if you don't know now, you will remember it afterwards. ;)

the main problem lies in Xorg
running X and a gui( gnome,kde,xfce)as root opens up holes in xorg
-- Google it for a much longer and heated "discussion "

now one will be loged in as root for MUCH less time in the terminal than it one was to log in as root using a gui .Also gnome ( also not secure as root) will not be running .


NOW

there are not many ways for a auto script ( built for MS Windows) to do much
nor are there too many linux mal-ware programs . so the odds are ( for know ) are better at keeping a clean computer running linux -- even as root , than running Windows

but for the paranoid there is also a problem with sudo
-- this is not the place for that flaming war -- google it for more discussion .


su
root with NORMAL users $PATH ( stays in the folder you run this from)
su -
root with root $PATH ( auto goes to /root home folder)

most of the time there is not much of a difference
but for somethings there is a diff.

What are these things?

For everyone else: thanks for replying, but you are assuming too much about me - I am not a complete noob and I do not run my system as root constantly. The question is ONLY about the root's environment when using different login methods.

John VV answered this question already, albeit indirectly. The answer in implied here: The commands that will be different are the commands that are not found in both paths. This could mean no difference at all if, say, the user belongs to the group wheel (in which case user $PATH should be the same as root $PATH).

NB: With 3 posts we will assume you are a noob, because the potential consequences of assuming you know these things when you, in fact don't, are considerable. Be assured that no offense was meant. :)

If you are using Ubuntu you will not be able to log in as root user anyway. Ubuntu only uses su/sudo commands from terminal.

I don't know whether your using Ubuntu or not but I just thought I'd point it out. =)

Sure you can, just
and it's set.

It isn't just the $PATH variable that is changed to root's with 'su -'. ALL environment variables are set to root's. To see the differences, run the following:

HTH

Forrest

I meant log in as root user from the log in screen. By default you can't do that on Ubuntu.

The fact that by default Linux allows any user to be able to use the su command is in itself insecure. You only need to couple this with the blatant use of sudo in Ubuntu to understand the risk you take.

I'm taking a different approach here. I'd say, "If you want more security, then go for FreeBSD." Why? Because from the initial setup, you decide which account has access to wheel and to sudo- that is if you install it later. An unprivileged account that is compromised will not bring down the system. The same scenario on say... Ubuntu or Fedora or Mint, could result in a rooting.

A netsearch for root and X and GUI (with and without xorg) found questions and HOWTOs etc. but nothing pertinent to security holes in the first page or so. Any other keywords to find the discussion?

No, it's not insecure, it merely puts a certain piece of the responsibility to the administrator. su requires root knowledge, and there are plenty of uglier ways to achieve a similar thing with the login command itself and such, which arne't removed. su just makes it a more formal escalation of rights, and doesn't change the model itself.

And with a pedant hat on, Linux does NOT do this by default, only distributions. Linux does not contain su. It's a kernel, and in this specific context that distinction does matter more than usual.