On Sun, Feb 28, 2010 at 7:28 AM, pk <pete...@coolmail.se> wrote: > ubiquitous1980 wrote: > >>> http://lists.debian.org/debian-security/2006/07/msg00059.html > >> With "sudo su - " the man pages do not have ESC throughout. I have >> learned sudo su from my ubuntu days and I am only guessing that this is >> bad practice and that the correct command is $ sudo su - > > No need to guess. Messing with superuser privileges without a proper > superuser environment (paths etc.) is considered bad from a security > point of view; for instance, an malicious application could be installed > in your user home dir, prepend the path to this to your local user $PATH > and whenever you do "su" (without -) you could invoke this app with > superuser privileges... > So to summarize: The link above (debian.org) explains it quite well and > yes, I would say it's a bad habit to omit -. :-)
7 years ago a veteran Linux user taught me to always use su - for the very reason you stated.
