A little sysadmin twitch

November 25, 2005

Every system administrator has little twitches, behaviors that strike outside observers as somewhere between odd and superstitious. Sometimes these are just habits, but sometimes they have interesting stories behind them.

One of my twitches is that when I use su, I always type '/bin/su' (or on some irritating systems, '/usr/bin/su'), not plain 'su'. (By now it's a reflex.)

This habit originated in a bit of security advice. The story goes that if you didn't use absolute paths, an intruder who compromised your account could alter your $PATH so that plain 'su' ran a trojan version of su that logged the password somewhere, told you 'bad password', and then cleaned itself away to make future su's work normally.

In my current environment this is mostly superstition, because most of the time I get root access by starting a 'root xterm' (more or less 'xterm -e /bin/su -fg OrangeRed'; the red foreground makes such xterms stand out, avoiding accidents). An attacker who compromised my account could just zap the fvwm2 menu entry for this instead of changing my $PATH.

Still, it's my little twitch. Life wouldn't be quite the same without it.

Written on 25 November 2005.
« Solaris 9's slow patch installs
Making self-signed SSL certificates with OpenSSL »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Nov 25 01:43:53 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.