Why is su world executable?using sudo on GUI applicationsHow to create an executable bash script for these commands?What exactly differentiates the root user from every other user?How to give users or group in linux sudo permission with limited permission on certain filesSSH + Change password using rootWhy is sudo required for every sudo executed executable?Why is /etc/sudoers not world-readable?

Don't look at what I did there

Why does this London Underground poster from 1924 have a Star of David atop a Christmas tree?

Why did Starhopper's exhaust plume become brighter just before landing?

Should I use the words "pyromancy" and "necromancy" even if they don't mean what people think they do?

Term used to describe a person who predicts future outcomes

How to investigate an unknown 1.5GB file named "sudo" in my Linux home directory?

Drawing probabilities on a simplex in TikZ

Fantasy Macro Economics: What would Merfolk trade for?

What checks exist against overuse of presidential pardons in the USA?

Why doesn't Starship have four landing legs?

What's the difference between a variable and a memory location?

How do Barton (Hawkeye/Ronin) and Romanov (Black Widow) end up on the Benatar on Morag in 2014?

What ways are there to "PEEK" memory sections in (different) BASIC(s)

Board Chinese train at a different station (on-route)

Which polygons can be turned inside out by a smooth deformation?

What is Soda Fountain Etiquette?

Why does the `ls` command sort files like this?

Is belaying with a hip belay unsafe?

If I said I had $100 when asked, but I actually had $200, would I be lying by omission?

How does attacking during a conversation affect initiative?

Why did the population of Bhutan drop by 70% between 2007 and 2008?

Do application leftovers have any impact on performance?

Why does the weaker C–H bond have a higher wavenumber than the C=O bond?

Coupling two 15 Amp circuit breaker for 20 Amp



Why is su world executable?


using sudo on GUI applicationsHow to create an executable bash script for these commands?What exactly differentiates the root user from every other user?How to give users or group in linux sudo permission with limited permission on certain filesSSH + Change password using rootWhy is sudo required for every sudo executed executable?Why is /etc/sudoers not world-readable?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








19















I have a headless server that is logged into remotely by multiple users. None of the other users are in the sudoers file, so they cannot obtain root via sudo. However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.



One could argue that if a user knows the root password they can compromise the system anyway, but I don't think this is the case. OpenSSH is configured with PermitRootLogin no and PasswordAuthentication no, and none of the other users have physical access to the server. As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.



What's further puzzling to me in that it doesn't even seem useful. It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.



Am I overlooking something? Is the world execute permission on su just there for historic reasons? Are there any downsides to removing that permission that I haven't encountered yet?






sudo su headless







share|improve this question



















  • 9





    "It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

    – marcelm
    Aug 17 at 11:09






  • 1





    You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

    – jpa
    Aug 17 at 16:46






  • 5





    I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

    – David Z
    Aug 18 at 7:00






  • 1





    @DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

    – val
    Aug 18 at 8:41






  • 1





    @val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

    – David Z
    Aug 18 at 8:48

















19















I have a headless server that is logged into remotely by multiple users. None of the other users are in the sudoers file, so they cannot obtain root via sudo. However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.



One could argue that if a user knows the root password they can compromise the system anyway, but I don't think this is the case. OpenSSH is configured with PermitRootLogin no and PasswordAuthentication no, and none of the other users have physical access to the server. As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.



What's further puzzling to me in that it doesn't even seem useful. It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.



Am I overlooking something? Is the world execute permission on su just there for historic reasons? Are there any downsides to removing that permission that I haven't encountered yet?






sudo su headless







share|improve this question



















  • 9





    "It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

    – marcelm
    Aug 17 at 11:09






  • 1





    You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

    – jpa
    Aug 17 at 16:46






  • 5





    I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

    – David Z
    Aug 18 at 7:00






  • 1





    @DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

    – val
    Aug 18 at 8:41






  • 1





    @val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

    – David Z
    Aug 18 at 8:48













19












19








19


2






I have a headless server that is logged into remotely by multiple users. None of the other users are in the sudoers file, so they cannot obtain root via sudo. However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.



One could argue that if a user knows the root password they can compromise the system anyway, but I don't think this is the case. OpenSSH is configured with PermitRootLogin no and PasswordAuthentication no, and none of the other users have physical access to the server. As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.



What's further puzzling to me in that it doesn't even seem useful. It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.



Am I overlooking something? Is the world execute permission on su just there for historic reasons? Are there any downsides to removing that permission that I haven't encountered yet?






sudo su headless







share|improve this question














I have a headless server that is logged into remotely by multiple users. None of the other users are in the sudoers file, so they cannot obtain root via sudo. However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.



One could argue that if a user knows the root password they can compromise the system anyway, but I don't think this is the case. OpenSSH is configured with PermitRootLogin no and PasswordAuthentication no, and none of the other users have physical access to the server. As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.



What's further puzzling to me in that it doesn't even seem useful. It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.



Am I overlooking something? Is the world execute permission on su just there for historic reasons? Are there any downsides to removing that permission that I haven't encountered yet?






sudo su headless




sudo su headless






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 16 at 19:27









Altay_HAltay_H

1331 silver badge7 bronze badges




1331 silver badge7 bronze badges










  • 9





    "It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

    – marcelm
    Aug 17 at 11:09






  • 1





    You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

    – jpa
    Aug 17 at 16:46






  • 5





    I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

    – David Z
    Aug 18 at 7:00






  • 1





    @DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

    – val
    Aug 18 at 8:41






  • 1





    @val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

    – David Z
    Aug 18 at 8:48












  • 9





    "It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

    – marcelm
    Aug 17 at 11:09






  • 1





    You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

    – jpa
    Aug 17 at 16:46






  • 5





    I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

    – David Z
    Aug 18 at 7:00






  • 1





    @DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

    – val
    Aug 18 at 8:41






  • 1





    @val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

    – David Z
    Aug 18 at 8:48







9




9





"It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

– marcelm
Aug 17 at 11:09





"It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience." - What about systems without the optional sudo installed? I'd say it's a pretty big inconvenience there ;)

– marcelm
Aug 17 at 11:09




1




1





You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

– jpa
Aug 17 at 16:46





You can always restrict access for /bin/su, but remember to do the same for /usr/bin/pkexec also.

– jpa
Aug 17 at 16:46




5




5





I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

– David Z
Aug 18 at 7:00





I can't seem to understand the motivation behind this question. It sounds like you were wondering why su needs to be world executable, but what would be the point of the alternative? That is, if su were only executable by root (?), what were you thinking it could be used for?

– David Z
Aug 18 at 7:00




1




1





@DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

– val
Aug 18 at 8:41





@DavidZ In fact, it is indeed useful for root! You can quickly switch users with it.

– val
Aug 18 at 8:41




1




1





@val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

– David Z
Aug 18 at 8:48





@val Yes, that's true. The fact that root can use su is not in question here. (On rereading, I can see how my previous comment would suggest otherwise, but that's not what I meant.) I'm curious what Altay_H thought about this before they asked this question though.

– David Z
Aug 18 at 8:48










6 Answers
6






active

oldest

votes


















37















One point that is missing from ilkkachu's answer is that elevating to root is only one specific use for su. The general purpose of su is to open a new shell under another user's login account. That other user could be root (and perhaps most often is), but su can be used to assume any identity the local system can authenticate.



For example, if I'm logged in as user jim, and I want to investigate a problem that mike has reported, but which I am unable to reproduce, I might try logging in as mike, and running the command that is giving him trouble.



13:27:20 /home/jim> su -l mike
Password:(I type mike's password (or have him type it) and press Enter)
13:27:22 /home/mike> id
uid=1004(mike) gid=1004(mike) groups=1004(mike)
13:27:25 /home/mike> exit # this leaves mike's login shell and returns to jim's
13:27:29 /home/jim> id
uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel),5(operator),14(ftp),920(vboxusers)


Using the -l option of su causes it to simulate a full login (per the man page).



The above requires knowledge of mike's password, however. If I have sudo access, I can log in as mike even without his password.



13:27:37 /home/jim> sudo su -l mike
Password:(I type my own password, because this is sudo asking)
13:27:41 /home/mike>


In summary, the reason the permissions on the su executable are as you show, is because su is a general-purpose tool that is available to all users on the system.






share|improve this answer






















  • 1





    That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

    – Altay_H
    Aug 16 at 20:57






  • 1





    Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

    – chepner
    Aug 17 at 13:57











  • Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

    – Monty Harder
    Aug 19 at 16:51


















19















Historically (on non-GNU unices), it wasn't, or at least it manually checked if you were in a group called "wheel" permitted to su. The GNU version of su did not reproduce this functionality because of RMS's ideology about access control at the time:



Why GNU `su' does not support the `wheel' group
===============================================

 (This section is by Richard Stallman.)

 Sometimes a few of the users try to hold total power over all the
rest. For example, in 1984, a few users at the MIT AI lab decided to
seize power by changing the operator password on the Twenex system and
keeping it secret from everyone else. (I was able to thwart this coup
and give power back to the users by patching the kernel, but I wouldn't
know how to do that in Unix.)

 However, occasionally the rulers do tell someone. Under the usual
`su' mechanism, once someone learns the root password who sympathizes
with the ordinary users, he or she can tell the rest. The "wheel
group" feature would make this impossible, and thus cement the power of
the rulers.

 I'm on the side of the masses, not that of the rulers. If you are
used to supporting the bosses and sysadmins in whatever they do, you
might find this idea strange at first.


You can find a lot more on the matter by Googling "wheel group rms" or similar.






share|improve this answer




















  • 2





    This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

    – Tom
    Aug 19 at 12:11


















9
















However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.




Yes. Assuming your usual Linux system, the pam_unix.so module does delay a failed authentication attempt by ~two seconds, but I don't think there's anything to stop simultaneous attempts.



Failed attempts are logged of course:



Aug 16 22:52:33 somehost su[17387]: FAILED su for root by ilkkachu


Brute-forcing a password should show up prominently in the logs, if you have any kind of system for monitoring them. And if you have untrusted local users, maybe you should. Untrusted local users could also attempt to use any local-only privilege escalation exploits, and they're much more common than remote privilege escalation.




What's further puzzling to me in that it doesn't even seem useful.




Of course it's useful, it allows you to elevate yourself to root, if you know the password.




It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.




sudo su is somewhat redundant. There's no need to use two programs that are meant to allow you to run programs as another user, one is quite enough. Just use sudo -i or sudo -s (or sudo /bin/bash etc.) if you want to run shell.




Am I overlooking something? Is the world execute permission on su just there for historic reasons?




See above. Well, not all systems have sudo as an alternative, I'm not sure if you consider that historic.




Are there any downsides to removing that permission that I haven't encountered yet?




Not really, no as far as I know. I think some systems have su set so that only members of a particular group ("wheel") can run it. You can do the same to sudo if you like (chown root.sudousers /usr/bin/sudo && chmod 4710 /usr/bin/sudo).



Or you could just remove either or both of the programs if you don't need them. Though on Debian, su comes with the login package, so it's probably not a good idea to remove the package as a whole. (And pairing login and su together like that does seem somewhat historic.)






share|improve this answer




















  • 1





    BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

    – Kusalananda
    Aug 16 at 20:33











  • @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

    – Jim L.
    Aug 16 at 20:44












  • I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

    – jsbillings
    Aug 16 at 23:30











  • @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

    – ilkkachu
    Aug 17 at 6:37











  • “su -“ does in every Linux I know of. Mind the dash.

    – jsbillings
    Aug 17 at 12:23


















6















You already have some good answers, but there's one part of your post they don't address.




As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.




That's a dangerous assumption. If you've set a good password for root, then it in most cases is far more likely that a successful privilege escalation will be due to the exploitation of a bug in the kernel or a setuid binary (you can of course also remove the setuid bit from those, but passwd is setuid, and if you want to high security you should also offer that to your users, and denying them the option of changing their password is not compatible with that).






share|improve this answer
































    0















    su needs to be world-executable so everyone can run it.
    In many systems, it can be used to change to another user, by supplying their password.



    If you are concerned about someone bruteforcing the root password, you could just disable it. (make the hash invalid so no given password can match it)



    I don't know about the consensus, but I'd consider being able to log in as root directly a security problem in and of itself.






    share|improve this answer
































      -2















      The other answers are correct saying "su" allows you to log into accounts other than root.



      One note about "sudo su" though. This actually allows you to log into the root account without knowing the root password. You do have to know the password of the account you run sudo with as well as have that account be in the sudoers file.






      share|improve this answer




















      • 3





        That depends entirely on whether sudoers has targetpw or rootpw set.

        – muru
        Aug 19 at 4:47







      • 1





        This has nothing to do with su being executable by all.

        – Kusalananda
        Aug 19 at 7:07













      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f535936%2fwhy-is-su-world-executable%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      37















      One point that is missing from ilkkachu's answer is that elevating to root is only one specific use for su. The general purpose of su is to open a new shell under another user's login account. That other user could be root (and perhaps most often is), but su can be used to assume any identity the local system can authenticate.



      For example, if I'm logged in as user jim, and I want to investigate a problem that mike has reported, but which I am unable to reproduce, I might try logging in as mike, and running the command that is giving him trouble.



      13:27:20 /home/jim> su -l mike
      Password:(I type mike's password (or have him type it) and press Enter)
      13:27:22 /home/mike> id
      uid=1004(mike) gid=1004(mike) groups=1004(mike)
      13:27:25 /home/mike> exit # this leaves mike's login shell and returns to jim's
      13:27:29 /home/jim> id
      uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel),5(operator),14(ftp),920(vboxusers)


      Using the -l option of su causes it to simulate a full login (per the man page).



      The above requires knowledge of mike's password, however. If I have sudo access, I can log in as mike even without his password.



      13:27:37 /home/jim> sudo su -l mike
      Password:(I type my own password, because this is sudo asking)
      13:27:41 /home/mike>


      In summary, the reason the permissions on the su executable are as you show, is because su is a general-purpose tool that is available to all users on the system.






      share|improve this answer






















      • 1





        That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

        – Altay_H
        Aug 16 at 20:57






      • 1





        Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

        – chepner
        Aug 17 at 13:57











      • Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

        – Monty Harder
        Aug 19 at 16:51















      37















      One point that is missing from ilkkachu's answer is that elevating to root is only one specific use for su. The general purpose of su is to open a new shell under another user's login account. That other user could be root (and perhaps most often is), but su can be used to assume any identity the local system can authenticate.



      For example, if I'm logged in as user jim, and I want to investigate a problem that mike has reported, but which I am unable to reproduce, I might try logging in as mike, and running the command that is giving him trouble.



      13:27:20 /home/jim> su -l mike
      Password:(I type mike's password (or have him type it) and press Enter)
      13:27:22 /home/mike> id
      uid=1004(mike) gid=1004(mike) groups=1004(mike)
      13:27:25 /home/mike> exit # this leaves mike's login shell and returns to jim's
      13:27:29 /home/jim> id
      uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel),5(operator),14(ftp),920(vboxusers)


      Using the -l option of su causes it to simulate a full login (per the man page).



      The above requires knowledge of mike's password, however. If I have sudo access, I can log in as mike even without his password.



      13:27:37 /home/jim> sudo su -l mike
      Password:(I type my own password, because this is sudo asking)
      13:27:41 /home/mike>


      In summary, the reason the permissions on the su executable are as you show, is because su is a general-purpose tool that is available to all users on the system.






      share|improve this answer






















      • 1





        That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

        – Altay_H
        Aug 16 at 20:57






      • 1





        Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

        – chepner
        Aug 17 at 13:57











      • Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

        – Monty Harder
        Aug 19 at 16:51













      37














      37










      37









      One point that is missing from ilkkachu's answer is that elevating to root is only one specific use for su. The general purpose of su is to open a new shell under another user's login account. That other user could be root (and perhaps most often is), but su can be used to assume any identity the local system can authenticate.



      For example, if I'm logged in as user jim, and I want to investigate a problem that mike has reported, but which I am unable to reproduce, I might try logging in as mike, and running the command that is giving him trouble.



      13:27:20 /home/jim> su -l mike
      Password:(I type mike's password (or have him type it) and press Enter)
      13:27:22 /home/mike> id
      uid=1004(mike) gid=1004(mike) groups=1004(mike)
      13:27:25 /home/mike> exit # this leaves mike's login shell and returns to jim's
      13:27:29 /home/jim> id
      uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel),5(operator),14(ftp),920(vboxusers)


      Using the -l option of su causes it to simulate a full login (per the man page).



      The above requires knowledge of mike's password, however. If I have sudo access, I can log in as mike even without his password.



      13:27:37 /home/jim> sudo su -l mike
      Password:(I type my own password, because this is sudo asking)
      13:27:41 /home/mike>


      In summary, the reason the permissions on the su executable are as you show, is because su is a general-purpose tool that is available to all users on the system.






      share|improve this answer















      One point that is missing from ilkkachu's answer is that elevating to root is only one specific use for su. The general purpose of su is to open a new shell under another user's login account. That other user could be root (and perhaps most often is), but su can be used to assume any identity the local system can authenticate.



      For example, if I'm logged in as user jim, and I want to investigate a problem that mike has reported, but which I am unable to reproduce, I might try logging in as mike, and running the command that is giving him trouble.



      13:27:20 /home/jim> su -l mike
      Password:(I type mike's password (or have him type it) and press Enter)
      13:27:22 /home/mike> id
      uid=1004(mike) gid=1004(mike) groups=1004(mike)
      13:27:25 /home/mike> exit # this leaves mike's login shell and returns to jim's
      13:27:29 /home/jim> id
      uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel),5(operator),14(ftp),920(vboxusers)


      Using the -l option of su causes it to simulate a full login (per the man page).



      The above requires knowledge of mike's password, however. If I have sudo access, I can log in as mike even without his password.



      13:27:37 /home/jim> sudo su -l mike
      Password:(I type my own password, because this is sudo asking)
      13:27:41 /home/mike>


      In summary, the reason the permissions on the su executable are as you show, is because su is a general-purpose tool that is available to all users on the system.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Aug 19 at 0:05









      Jeff Schaller

      49.4k11 gold badges72 silver badges164 bronze badges




      49.4k11 gold badges72 silver badges164 bronze badges










      answered Aug 16 at 20:42









      Jim L.Jim L.

      2,0934 silver badges12 bronze badges




      2,0934 silver badges12 bronze badges










      • 1





        That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

        – Altay_H
        Aug 16 at 20:57






      • 1





        Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

        – chepner
        Aug 17 at 13:57











      • Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

        – Monty Harder
        Aug 19 at 16:51












      • 1





        That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

        – Altay_H
        Aug 16 at 20:57






      • 1





        Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

        – chepner
        Aug 17 at 13:57











      • Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

        – Monty Harder
        Aug 19 at 16:51







      1




      1





      That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

      – Altay_H
      Aug 16 at 20:57





      That makes a lot of sense. Since I'm in the habit of using sudo I forgot that su can be used for more than just sudo -s. And without being a sudoer this would be the only way to switch users without altering ssh keys. For my use case this is another reason to remove the permission, but I understand now why the world execute permission is set by default. Thanks!

      – Altay_H
      Aug 16 at 20:57




      1




      1





      Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

      – chepner
      Aug 17 at 13:57





      Another point is that sudo, too, can be used to assume the identity of a user other than root. It's simply allows finer grained control over who can do what as whom, including assuming another identity without the need for that identity's password.

      – chepner
      Aug 17 at 13:57













      Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

      – Monty Harder
      Aug 19 at 16:51





      Part of the confusion is that people think su stands for "super user", which it does, when no user is specified (or root is explicity specified) but it also stands for "switch user". This second use of su is therefore easily forgotten.

      – Monty Harder
      Aug 19 at 16:51













      19















      Historically (on non-GNU unices), it wasn't, or at least it manually checked if you were in a group called "wheel" permitted to su. The GNU version of su did not reproduce this functionality because of RMS's ideology about access control at the time:



      Why GNU `su' does not support the `wheel' group
      ===============================================

       (This section is by Richard Stallman.)

       Sometimes a few of the users try to hold total power over all the
      rest. For example, in 1984, a few users at the MIT AI lab decided to
      seize power by changing the operator password on the Twenex system and
      keeping it secret from everyone else. (I was able to thwart this coup
      and give power back to the users by patching the kernel, but I wouldn't
      know how to do that in Unix.)

       However, occasionally the rulers do tell someone. Under the usual
      `su' mechanism, once someone learns the root password who sympathizes
      with the ordinary users, he or she can tell the rest. The "wheel
      group" feature would make this impossible, and thus cement the power of
      the rulers.

       I'm on the side of the masses, not that of the rulers. If you are
      used to supporting the bosses and sysadmins in whatever they do, you
      might find this idea strange at first.


      You can find a lot more on the matter by Googling "wheel group rms" or similar.






      share|improve this answer




















      • 2





        This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

        – Tom
        Aug 19 at 12:11















      19















      Historically (on non-GNU unices), it wasn't, or at least it manually checked if you were in a group called "wheel" permitted to su. The GNU version of su did not reproduce this functionality because of RMS's ideology about access control at the time:



      Why GNU `su' does not support the `wheel' group
      ===============================================

       (This section is by Richard Stallman.)

       Sometimes a few of the users try to hold total power over all the
      rest. For example, in 1984, a few users at the MIT AI lab decided to
      seize power by changing the operator password on the Twenex system and
      keeping it secret from everyone else. (I was able to thwart this coup
      and give power back to the users by patching the kernel, but I wouldn't
      know how to do that in Unix.)

       However, occasionally the rulers do tell someone. Under the usual
      `su' mechanism, once someone learns the root password who sympathizes
      with the ordinary users, he or she can tell the rest. The "wheel
      group" feature would make this impossible, and thus cement the power of
      the rulers.

       I'm on the side of the masses, not that of the rulers. If you are
      used to supporting the bosses and sysadmins in whatever they do, you
      might find this idea strange at first.


      You can find a lot more on the matter by Googling "wheel group rms" or similar.






      share|improve this answer




















      • 2





        This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

        – Tom
        Aug 19 at 12:11













      19














      19










      19









      Historically (on non-GNU unices), it wasn't, or at least it manually checked if you were in a group called "wheel" permitted to su. The GNU version of su did not reproduce this functionality because of RMS's ideology about access control at the time:



      Why GNU `su' does not support the `wheel' group
      ===============================================

       (This section is by Richard Stallman.)

       Sometimes a few of the users try to hold total power over all the
      rest. For example, in 1984, a few users at the MIT AI lab decided to
      seize power by changing the operator password on the Twenex system and
      keeping it secret from everyone else. (I was able to thwart this coup
      and give power back to the users by patching the kernel, but I wouldn't
      know how to do that in Unix.)

       However, occasionally the rulers do tell someone. Under the usual
      `su' mechanism, once someone learns the root password who sympathizes
      with the ordinary users, he or she can tell the rest. The "wheel
      group" feature would make this impossible, and thus cement the power of
      the rulers.

       I'm on the side of the masses, not that of the rulers. If you are
      used to supporting the bosses and sysadmins in whatever they do, you
      might find this idea strange at first.


      You can find a lot more on the matter by Googling "wheel group rms" or similar.






      share|improve this answer













      Historically (on non-GNU unices), it wasn't, or at least it manually checked if you were in a group called "wheel" permitted to su. The GNU version of su did not reproduce this functionality because of RMS's ideology about access control at the time:



      Why GNU `su' does not support the `wheel' group
      ===============================================

       (This section is by Richard Stallman.)

       Sometimes a few of the users try to hold total power over all the
      rest. For example, in 1984, a few users at the MIT AI lab decided to
      seize power by changing the operator password on the Twenex system and
      keeping it secret from everyone else. (I was able to thwart this coup
      and give power back to the users by patching the kernel, but I wouldn't
      know how to do that in Unix.)

       However, occasionally the rulers do tell someone. Under the usual
      `su' mechanism, once someone learns the root password who sympathizes
      with the ordinary users, he or she can tell the rest. The "wheel
      group" feature would make this impossible, and thus cement the power of
      the rulers.

       I'm on the side of the masses, not that of the rulers. If you are
      used to supporting the bosses and sysadmins in whatever they do, you
      might find this idea strange at first.


      You can find a lot more on the matter by Googling "wheel group rms" or similar.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Aug 17 at 21:24









      R..R..

      2,1541 gold badge11 silver badges17 bronze badges




      2,1541 gold badge11 silver badges17 bronze badges










      • 2





        This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

        – Tom
        Aug 19 at 12:11












      • 2





        This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

        – Tom
        Aug 19 at 12:11







      2




      2





      This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

      – Tom
      Aug 19 at 12:11





      This is the only correct answer. The setting is intentional, historical, and this exactly is the reason for it. All the technical blabla is just that - blabla. You can absolutely reintroduce the "wheel" group in a modern Unix.

      – Tom
      Aug 19 at 12:11











      9
















      However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.




      Yes. Assuming your usual Linux system, the pam_unix.so module does delay a failed authentication attempt by ~two seconds, but I don't think there's anything to stop simultaneous attempts.



      Failed attempts are logged of course:



      Aug 16 22:52:33 somehost su[17387]: FAILED su for root by ilkkachu


      Brute-forcing a password should show up prominently in the logs, if you have any kind of system for monitoring them. And if you have untrusted local users, maybe you should. Untrusted local users could also attempt to use any local-only privilege escalation exploits, and they're much more common than remote privilege escalation.




      What's further puzzling to me in that it doesn't even seem useful.




      Of course it's useful, it allows you to elevate yourself to root, if you know the password.




      It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.




      sudo su is somewhat redundant. There's no need to use two programs that are meant to allow you to run programs as another user, one is quite enough. Just use sudo -i or sudo -s (or sudo /bin/bash etc.) if you want to run shell.




      Am I overlooking something? Is the world execute permission on su just there for historic reasons?




      See above. Well, not all systems have sudo as an alternative, I'm not sure if you consider that historic.




      Are there any downsides to removing that permission that I haven't encountered yet?




      Not really, no as far as I know. I think some systems have su set so that only members of a particular group ("wheel") can run it. You can do the same to sudo if you like (chown root.sudousers /usr/bin/sudo && chmod 4710 /usr/bin/sudo).



      Or you could just remove either or both of the programs if you don't need them. Though on Debian, su comes with the login package, so it's probably not a good idea to remove the package as a whole. (And pairing login and su together like that does seem somewhat historic.)






      share|improve this answer




















      • 1





        BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

        – Kusalananda
        Aug 16 at 20:33











      • @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

        – Jim L.
        Aug 16 at 20:44












      • I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

        – jsbillings
        Aug 16 at 23:30











      • @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

        – ilkkachu
        Aug 17 at 6:37











      • “su -“ does in every Linux I know of. Mind the dash.

        – jsbillings
        Aug 17 at 12:23















      9
















      However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.




      Yes. Assuming your usual Linux system, the pam_unix.so module does delay a failed authentication attempt by ~two seconds, but I don't think there's anything to stop simultaneous attempts.



      Failed attempts are logged of course:



      Aug 16 22:52:33 somehost su[17387]: FAILED su for root by ilkkachu


      Brute-forcing a password should show up prominently in the logs, if you have any kind of system for monitoring them. And if you have untrusted local users, maybe you should. Untrusted local users could also attempt to use any local-only privilege escalation exploits, and they're much more common than remote privilege escalation.




      What's further puzzling to me in that it doesn't even seem useful.




      Of course it's useful, it allows you to elevate yourself to root, if you know the password.




      It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.




      sudo su is somewhat redundant. There's no need to use two programs that are meant to allow you to run programs as another user, one is quite enough. Just use sudo -i or sudo -s (or sudo /bin/bash etc.) if you want to run shell.




      Am I overlooking something? Is the world execute permission on su just there for historic reasons?




      See above. Well, not all systems have sudo as an alternative, I'm not sure if you consider that historic.




      Are there any downsides to removing that permission that I haven't encountered yet?




      Not really, no as far as I know. I think some systems have su set so that only members of a particular group ("wheel") can run it. You can do the same to sudo if you like (chown root.sudousers /usr/bin/sudo && chmod 4710 /usr/bin/sudo).



      Or you could just remove either or both of the programs if you don't need them. Though on Debian, su comes with the login package, so it's probably not a good idea to remove the package as a whole. (And pairing login and su together like that does seem somewhat historic.)






      share|improve this answer




















      • 1





        BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

        – Kusalananda
        Aug 16 at 20:33











      • @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

        – Jim L.
        Aug 16 at 20:44












      • I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

        – jsbillings
        Aug 16 at 23:30











      • @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

        – ilkkachu
        Aug 17 at 6:37











      • “su -“ does in every Linux I know of. Mind the dash.

        – jsbillings
        Aug 17 at 12:23













      9














      9










      9










      However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.




      Yes. Assuming your usual Linux system, the pam_unix.so module does delay a failed authentication attempt by ~two seconds, but I don't think there's anything to stop simultaneous attempts.



      Failed attempts are logged of course:



      Aug 16 22:52:33 somehost su[17387]: FAILED su for root by ilkkachu


      Brute-forcing a password should show up prominently in the logs, if you have any kind of system for monitoring them. And if you have untrusted local users, maybe you should. Untrusted local users could also attempt to use any local-only privilege escalation exploits, and they're much more common than remote privilege escalation.




      What's further puzzling to me in that it doesn't even seem useful.




      Of course it's useful, it allows you to elevate yourself to root, if you know the password.




      It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.




      sudo su is somewhat redundant. There's no need to use two programs that are meant to allow you to run programs as another user, one is quite enough. Just use sudo -i or sudo -s (or sudo /bin/bash etc.) if you want to run shell.




      Am I overlooking something? Is the world execute permission on su just there for historic reasons?




      See above. Well, not all systems have sudo as an alternative, I'm not sure if you consider that historic.




      Are there any downsides to removing that permission that I haven't encountered yet?




      Not really, no as far as I know. I think some systems have su set so that only members of a particular group ("wheel") can run it. You can do the same to sudo if you like (chown root.sudousers /usr/bin/sudo && chmod 4710 /usr/bin/sudo).



      Or you could just remove either or both of the programs if you don't need them. Though on Debian, su comes with the login package, so it's probably not a good idea to remove the package as a whole. (And pairing login and su together like that does seem somewhat historic.)






      share|improve this answer














      However, since the permissions on su are -rwsr-xr-x there's nothing stopping them from attempting to brute force the root password.




      Yes. Assuming your usual Linux system, the pam_unix.so module does delay a failed authentication attempt by ~two seconds, but I don't think there's anything to stop simultaneous attempts.



      Failed attempts are logged of course:



      Aug 16 22:52:33 somehost su[17387]: FAILED su for root by ilkkachu


      Brute-forcing a password should show up prominently in the logs, if you have any kind of system for monitoring them. And if you have untrusted local users, maybe you should. Untrusted local users could also attempt to use any local-only privilege escalation exploits, and they're much more common than remote privilege escalation.




      What's further puzzling to me in that it doesn't even seem useful.




      Of course it's useful, it allows you to elevate yourself to root, if you know the password.




      It allows me to run su directly instead of needing to do sudo su, but this is hardly an inconvenience.




      sudo su is somewhat redundant. There's no need to use two programs that are meant to allow you to run programs as another user, one is quite enough. Just use sudo -i or sudo -s (or sudo /bin/bash etc.) if you want to run shell.




      Am I overlooking something? Is the world execute permission on su just there for historic reasons?




      See above. Well, not all systems have sudo as an alternative, I'm not sure if you consider that historic.




      Are there any downsides to removing that permission that I haven't encountered yet?




      Not really, no as far as I know. I think some systems have su set so that only members of a particular group ("wheel") can run it. You can do the same to sudo if you like (chown root.sudousers /usr/bin/sudo && chmod 4710 /usr/bin/sudo).



      Or you could just remove either or both of the programs if you don't need them. Though on Debian, su comes with the login package, so it's probably not a good idea to remove the package as a whole. (And pairing login and su together like that does seem somewhat historic.)







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Aug 16 at 20:11









      ilkkachuilkkachu

      67.9k10 gold badges112 silver badges194 bronze badges




      67.9k10 gold badges112 silver badges194 bronze badges










      • 1





        BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

        – Kusalananda
        Aug 16 at 20:33











      • @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

        – Jim L.
        Aug 16 at 20:44












      • I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

        – jsbillings
        Aug 16 at 23:30











      • @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

        – ilkkachu
        Aug 17 at 6:37











      • “su -“ does in every Linux I know of. Mind the dash.

        – jsbillings
        Aug 17 at 12:23












      • 1





        BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

        – Kusalananda
        Aug 16 at 20:33











      • @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

        – Jim L.
        Aug 16 at 20:44












      • I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

        – jsbillings
        Aug 16 at 23:30











      • @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

        – ilkkachu
        Aug 17 at 6:37











      • “su -“ does in every Linux I know of. Mind the dash.

        – jsbillings
        Aug 17 at 12:23







      1




      1





      BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

      – Kusalananda
      Aug 16 at 20:33





      BSD systems require users to be in the wheel group to use su. There are some BSD systems (I can only speak for OpenBSD) that does not ship with sudo at all (it's a 3rd-party package). OpenBSD has doas which is a reimplementation of the basics of sudo, but it's disabled by default upon installing a fresh system.

      – Kusalananda
      Aug 16 at 20:33













      @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

      – Jim L.
      Aug 16 at 20:44






      @Kusalananda You only have to be in wheel if you want to su to root. Any account can su to any non-root account for which they have the password, regardless of their membership in the wheel group.

      – Jim L.
      Aug 16 at 20:44














      I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

      – jsbillings
      Aug 16 at 23:30





      I run 'sudo su -' to ensure that the root shell I get is a full root login, without a polluted environment from my user account. The default sudoers on RHEL includes quite a few environment variables that are executable (such as PS1).

      – jsbillings
      Aug 16 at 23:30













      @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

      – ilkkachu
      Aug 17 at 6:37





      @jsbillings, hmm, ok. Does su clear the environment then? It doesn't seem to do that on Debian...

      – ilkkachu
      Aug 17 at 6:37













      “su -“ does in every Linux I know of. Mind the dash.

      – jsbillings
      Aug 17 at 12:23





      “su -“ does in every Linux I know of. Mind the dash.

      – jsbillings
      Aug 17 at 12:23











      6















      You already have some good answers, but there's one part of your post they don't address.




      As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.




      That's a dangerous assumption. If you've set a good password for root, then it in most cases is far more likely that a successful privilege escalation will be due to the exploitation of a bug in the kernel or a setuid binary (you can of course also remove the setuid bit from those, but passwd is setuid, and if you want to high security you should also offer that to your users, and denying them the option of changing their password is not compatible with that).






      share|improve this answer





























        6















        You already have some good answers, but there's one part of your post they don't address.




        As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.




        That's a dangerous assumption. If you've set a good password for root, then it in most cases is far more likely that a successful privilege escalation will be due to the exploitation of a bug in the kernel or a setuid binary (you can of course also remove the setuid bit from those, but passwd is setuid, and if you want to high security you should also offer that to your users, and denying them the option of changing their password is not compatible with that).






        share|improve this answer



























          6














          6










          6









          You already have some good answers, but there's one part of your post they don't address.




          As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.




          That's a dangerous assumption. If you've set a good password for root, then it in most cases is far more likely that a successful privilege escalation will be due to the exploitation of a bug in the kernel or a setuid binary (you can of course also remove the setuid bit from those, but passwd is setuid, and if you want to high security you should also offer that to your users, and denying them the option of changing their password is not compatible with that).






          share|improve this answer













          You already have some good answers, but there's one part of your post they don't address.




          As far as I can tell, the world execute permission on /usr/bin/su is the only avenue for users attempting to gain root on my server.




          That's a dangerous assumption. If you've set a good password for root, then it in most cases is far more likely that a successful privilege escalation will be due to the exploitation of a bug in the kernel or a setuid binary (you can of course also remove the setuid bit from those, but passwd is setuid, and if you want to high security you should also offer that to your users, and denying them the option of changing their password is not compatible with that).







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Aug 16 at 23:12









          HenrikHenrik

          3,8141 gold badge5 silver badges22 bronze badges




          3,8141 gold badge5 silver badges22 bronze badges
























              0















              su needs to be world-executable so everyone can run it.
              In many systems, it can be used to change to another user, by supplying their password.



              If you are concerned about someone bruteforcing the root password, you could just disable it. (make the hash invalid so no given password can match it)



              I don't know about the consensus, but I'd consider being able to log in as root directly a security problem in and of itself.






              share|improve this answer





























                0















                su needs to be world-executable so everyone can run it.
                In many systems, it can be used to change to another user, by supplying their password.



                If you are concerned about someone bruteforcing the root password, you could just disable it. (make the hash invalid so no given password can match it)



                I don't know about the consensus, but I'd consider being able to log in as root directly a security problem in and of itself.






                share|improve this answer



























                  0














                  0










                  0









                  su needs to be world-executable so everyone can run it.
                  In many systems, it can be used to change to another user, by supplying their password.



                  If you are concerned about someone bruteforcing the root password, you could just disable it. (make the hash invalid so no given password can match it)



                  I don't know about the consensus, but I'd consider being able to log in as root directly a security problem in and of itself.






                  share|improve this answer













                  su needs to be world-executable so everyone can run it.
                  In many systems, it can be used to change to another user, by supplying their password.



                  If you are concerned about someone bruteforcing the root password, you could just disable it. (make the hash invalid so no given password can match it)



                  I don't know about the consensus, but I'd consider being able to log in as root directly a security problem in and of itself.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Aug 19 at 15:35









                  bobsburnerbobsburner

                  11 bronze badge




                  11 bronze badge
























                      -2















                      The other answers are correct saying "su" allows you to log into accounts other than root.



                      One note about "sudo su" though. This actually allows you to log into the root account without knowing the root password. You do have to know the password of the account you run sudo with as well as have that account be in the sudoers file.






                      share|improve this answer




















                      • 3





                        That depends entirely on whether sudoers has targetpw or rootpw set.

                        – muru
                        Aug 19 at 4:47







                      • 1





                        This has nothing to do with su being executable by all.

                        – Kusalananda
                        Aug 19 at 7:07















                      -2















                      The other answers are correct saying "su" allows you to log into accounts other than root.



                      One note about "sudo su" though. This actually allows you to log into the root account without knowing the root password. You do have to know the password of the account you run sudo with as well as have that account be in the sudoers file.






                      share|improve this answer




















                      • 3





                        That depends entirely on whether sudoers has targetpw or rootpw set.

                        – muru
                        Aug 19 at 4:47







                      • 1





                        This has nothing to do with su being executable by all.

                        – Kusalananda
                        Aug 19 at 7:07













                      -2














                      -2










                      -2









                      The other answers are correct saying "su" allows you to log into accounts other than root.



                      One note about "sudo su" though. This actually allows you to log into the root account without knowing the root password. You do have to know the password of the account you run sudo with as well as have that account be in the sudoers file.






                      share|improve this answer













                      The other answers are correct saying "su" allows you to log into accounts other than root.



                      One note about "sudo su" though. This actually allows you to log into the root account without knowing the root password. You do have to know the password of the account you run sudo with as well as have that account be in the sudoers file.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Aug 19 at 4:39









                      WindowsNTWindowsNT

                      71 bronze badge




                      71 bronze badge










                      • 3





                        That depends entirely on whether sudoers has targetpw or rootpw set.

                        – muru
                        Aug 19 at 4:47







                      • 1





                        This has nothing to do with su being executable by all.

                        – Kusalananda
                        Aug 19 at 7:07












                      • 3





                        That depends entirely on whether sudoers has targetpw or rootpw set.

                        – muru
                        Aug 19 at 4:47







                      • 1





                        This has nothing to do with su being executable by all.

                        – Kusalananda
                        Aug 19 at 7:07







                      3




                      3





                      That depends entirely on whether sudoers has targetpw or rootpw set.

                      – muru
                      Aug 19 at 4:47






                      That depends entirely on whether sudoers has targetpw or rootpw set.

                      – muru
                      Aug 19 at 4:47





                      1




                      1





                      This has nothing to do with su being executable by all.

                      – Kusalananda
                      Aug 19 at 7:07





                      This has nothing to do with su being executable by all.

                      – Kusalananda
                      Aug 19 at 7:07

















                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f535936%2fwhy-is-su-world-executable%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      Get product attribute by attribute group code in magento 2get product attribute by product attribute group in magento 2Magento 2 Log Bundle Product Data in List Page?How to get all product attribute of a attribute group of Default attribute set?Magento 2.1 Create a filter in the product grid by new attributeMagento 2 : Get Product Attribute values By GroupMagento 2 How to get all existing values for one attributeMagento 2 get custom attribute of a single product inside a pluginMagento 2.3 How to get all the Multi Source Inventory (MSI) locations collection in custom module?Magento2: how to develop rest API to get new productsGet product attribute by attribute group code ( [attribute_group_code] ) in magento 2

                      Image
                      Is it safe to keep the GPU on 100% utilization for a very long time? What happens when the drag force exceeds the weight of an object falling into earth? shebang or not shebang The unknown and unexplained in science fiction Are wands in any sort of book going to be too much like Harry Potter? How do I minimise waste on a flight? Concatenate all values of the same XML element using XPath/XQuery Did any early RISC OS precursor run on the BBC Micro? Single supply non-inverting amplifier using op amp Employee is self-centered and affects the team negatively Why always 4...dxc6 and not 4...bxc6 in the Ruy Lopez Exchange? TikZ/PGF draw algorithm Learning how to read schematics, questions about fractional voltage in schematic How can I test a shell script in a "safe environment" to avoid harm to my computer? A♭ major 9th chord in Bach is unexpectedly dissonant/jazzy What detail can Hubble see on Mars? Drug Testing and Prescribed Medications Justific
                      Read more

                      Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

                      Image
                      Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
                      Read more

                      Magento 2.3: How do i solve this, Not registered handle, on custom form?How can i rewrite TierPrice Block in Magento2magento 2 captcha not rendering if I override layout xmlmain.CRITICAL: Plugin class doesn't existMagento 2 : Problem while adding custom button order view page?Magento 2.2.5: Overriding Admin Controller sales/orderMagento 2.2.5: Add, Update and Delete existing products Custom OptionsMagento 2.3 : File Upload issue in UI Component FormMagento2 Not registered handleHow to configured Form Builder Js in my custom magento 2.3.0 module?Magento 2.3. How to create image upload field in an admin form

                      Image
                      2000s (or earlier) cyberpunk novel: dystopia, mega storm, omnipresent noise How important is it for multiple POVs to run chronologically? PhD: When to quit and move on? Motorcyle Chain needs to be cleaned every time you lube it? Why do most airliners have underwing engines, while business jets have rear-mounted engines? How to supply water to a coastal desert town with no rain and no freshwater aquifers? How come a desk dictionary be abridged? What's the big deal about the Nazgûl losing their horses? Is this standard Japanese employment negotiations, or am I missing something? Should I increase my 401(k) contributions, or increase my mortgage payments Is there a way to change the aspect ratio of a DNG file? Why is there paternal, for fatherly, fraternal, for brotherly, but no similar word for sons? What can a novel do that film and TV cannot? Is conquering your neighbors to fight a greater enemy a valid strategy? /api/sitecore is not working in CD server
                      Read more