How to I change su

Craftman · 04-04-2019, 03:21 AM

Hi All,

I'm new to Linux and current using OracleLinux 6.8

Question is how can I change my root or other user account default directory to my bespoke diectory after when I execute "su - __"

berndbausch · 04-04-2019, 03:32 AM

su - brings you to the new user’s home directory. I don’t think this can be changed, so just use the cd command after su.

Craftman · 04-04-2019, 03:48 AM

Oh, as I was hopping if I can "su - root" to my chroot directory.

Does /etc/profile affect the login path?

berndbausch · 04-04-2019, 04:21 AM

You can change HOME in profile, but this doesn’t affect your current directory. You can however put a cd command into the profile.

I am not sure if you are asking the right questions. What do you want to achieve? Go to jail immediately at logon? Again I am not smarter than Google, but perhaps this helps: https://askubuntu.com/questions/5477...users-on-login.

fatmac · 04-04-2019, 04:28 AM

Normally, when you use su, you need to enter the root password, & then you will have root powers in/from your home directory.

When you use "su - root" you will be the root user in the /root directory.

ehartman · 04-04-2019, 04:56 AM

Quote:

Originally Posted by Craftman

Oh, as I was hopping if I can "su - root" to my chroot directory.

Does /etc/profile affect the login path?

I think you're mixing up the user root, which you can become with the su (Switch User) command, with the root directory (/), which can be changed by chroot.
They're two quite different things.

The root directory normally is /, for all users, but after a chroot another directory becomes a new root and directories outside of the tree below that cannot be seen or reached anymore. It doesn't have anything to do with which user you are.

pan64 · 04-04-2019, 05:01 AM

su is a tool. What you wish is something else, su cannot do that for you. Changing any account do achieve this is not a really good approach. If you need a tool to do that I think you need to implement it (actually you need to write a small shell script).

scasey · 04-04-2019, 02:18 PM

If you are in your chroot directory

Code:

su

(without the -) will give you root privileges in that directory.

As has been said the - causes the new user's environment to be loaded, which also causes a change to root's home directory, which is /root on my systems. If you don't want to change directories when you su, leave off the -

Note: If you're changing to another non-privileged user, leaving off the - will likely leave you in a state where you can't read or write the directory you're in.

Craftman · 04-04-2019, 08:40 PM

What I'm trying to achieve is to lock my current root account in chroot after I "su - root" from normal user account.

Example:
I login as a normal user "Alex" using putty.
In the current session when I key in "su - root". It will prompt for root password.
After which it will automatically go straight into my chroot.

Hi Pan64, do have a guide to write shell script to to implement it?

scasey · 04-04-2019, 08:46 PM

Quote:

Originally Posted by Craftman

What I'm trying to achieve is to lock my current root account in chroot after I "su - root" from normal user account.

Example:
I login as a normal user "Alex" using putty.
In the current session when I key in "su - root". It will prompt for root password.
After which it will automatically go straight into my chroot.

I'm pretty sure you can't lock down the superuser that way, or any way. root can do anything.
As I said, leaving the - off will leave you wherever you are when you su, but then you'll be root and can go anywhere you want.

What, exactly, are you trying to accomplish? By that I mean, why do you want to do as you've asked?

Craftman · 04-04-2019, 09:14 PM

My aim is to trap root account in chroot.
I'm succeeded by using "ssh root@localhost" and it will login directly to my chroot since I've already config my directory and edited sshd_config.

Now I trying to do the same but by using su or sudo but none succeed.

rknichols · 04-04-2019, 09:55 PM

It is trivial for root to escape from a chroot jail. Easiest way is to simply move the jail to a subdirectory of your current location, and thus you are no longer inside it.

pan64 · 04-05-2019, 12:26 AM

Quote:

Originally Posted by Craftman

My aim is to trap root account in chroot.

No, that is nonsense. Root is the account which can do anything. You cannot restrict it (or you may damage the whole system by that).

berndbausch · 04-05-2019, 03:39 AM

Quote:

Originally Posted by Craftman

What I'm trying to achieve is to lock my current root account in chroot after I "su - root" from normal user account.

I think it’s easier to simply disable su for normal accounts. See /etc/pam.d/su; you need to remove the comment in front of a single line to restrict su to members of group wheel.

Craftman · 04-08-2019, 01:41 AM

As there is a security scanning software inplace in my organisation.
-ssh to root (need to be block)
-so I'm trying to do a work around which is ssh to another account and then su to root.

I already completed configuring my chroot.
Just that I want it whenever I "su root" it will automatic go into my chroot.

Which I'm not sure if its do able