1

I want to start a program as root when booting, and will add one of the following lines to rc.local:

sudo /path/my_prog
sudo sh -c "/path/my_prog"
su -c "/path/my_prog"

What is the difference between this three lines, and which is the correct one?

Eddy Sorngard
  • 149
  • 1
  • 12
  • What is the difference between `grep '^' file` and `cat file`? :-) – Andreas Louv Jan 21 '22 at 08:44
  • Perhaps see also [Running a command with `bash -c` vs without](https://stackoverflow.com/questions/70769529/running-a-command-with-bash-c-vs-without) (where obviously the question is about Bash, not `sh`; but parts of the question clearly apply to `sh -c command` vs `command` just as well). – tripleee Jan 21 '22 at 09:06

2 Answers2

3

You don't need any of them; rc.local runs with root privileges. The correct answer is to simply run your command.

/path/my_prog

su makes sense if you are root and want to switch to a different account.

sudo makes sense if you are running on an unprivileged account, and have been granted the rights to switch to another account (often, but not always, root), usually with the requirement to be able to interactively supply your password (though this can be turned off if you really have to; obviously, you need to understand what you are doing before you mess with security-related stuff).

sh -c "command" is just an inefficient way to run command. Running a shell makes sense when you actually require shell features such as wildcard expansion, redirection, etc, or shell builtins like cd.

Ideally, you might want to make sure that my_prog runs on a dedicated unprivileged system account; then, the syntax would be

su otheraccount -c /path/my_prog

where obviously you need to create otheraccount and make sure it has the privileges that are required for performing this particular task.

su optionally lets you add a lone dash before the account name to have it run a login session; but for a service account, this probably does not make sense.

tripleee
  • 175,061
  • 34
  • 275
  • 318
  • To run as another user I have seen ```su - otheraccount -c /path/my_prog```. What is the difference between this and ```su otheraccount -c /path/my_prog```? – Eddy Sorngard Jan 21 '22 at 09:52
  • As `man su` will readily reveal, the lone dash instructs it to run a login session. Updated the answer with a sentence about this. – tripleee Jan 21 '22 at 09:52
1

  • sudo /path/my_prog will execute /path/my_prog with sudo privileges.

  • sudo sh -c "/path/my_prog" will execute /path/my_prog (specified by the flag -c) with sh using sudo privileges.

  • su -c "/path/my_prog" will execute /path/my_prog (specified by the flag -c) with your current shell using sudo privileges.

The correct one to use depends on your use case, so actually it's up to you. IMHO, sudo foo and su -c foo are basically the same.

bert
  • 372
  • 4
  • 13
  • 2
    No, they are not at all the same. `su` requires you to have the root password; the whole purpose of `sudo` is to enable the admin to _selectively_ grant privileges to users _without_ sharing the root password. – tripleee Jan 21 '22 at 09:04