su versus su -
 

I understand that the second command sets all the environmental variables to the defaults for aUserID, while the first will not. What is the implications of doing so?

Its more of a security/convenience. As a admin, when you are attending regular user's grievances, you want to stay in their environment, PATH and the directory in question. The only edge you want is to run as root, which regular users cant.

You don't want to 'su -', where it throws you to /root directory, puts root user's environment and root's PATH, which to be frankly wont let you see the problem from user's perspective.

Thanks mddesai, very well explained.

I think I better now understand John's post.

So, if I set up my server to prevent ssh'ing as root, and I want to do general configuration as the root user, then I should always use "su - root"?

The reason there is no difference with outcome is, unlike all other distro, Redhat includes /sbin directory in PATH of regular users. I don't know why they do it.

Also, while we are in switching users, you also need to know the difference between 'whoami' and 'who am i'. its helps a lot. The following should be self explanatory.

Correct, its the recommended way of doing it. But just 'su -' is enough. You should not allow root to ssh. I hope you are aware of 'PermitRootLogin no' in sshd_config.

Thanks again mddesai,

Yes, I am using Centos (i.e. Redhat). Good to know about how they are unique in including /sbin directory in PATH of regular users. Hopefully, I will remember when I try another distro :) Better yet, I will just get in the habit of using su - right now!

Turns out "who am i" is the same thing as "who". Am I missing anything? So, "who" displays the originally logged on user, and "whoami" displays the current. Again, good to know.

And yes, I am aware of 'PermitRootLogin no' in sshd_config, but thank you for ensuring.

Cheers