Deep understanding of the difference between Sudo and su "Go"

Source: Internet
Author: User
Tags root access

Deep understanding of the difference between Sudo and Su

The maximum difference between the two commands is:

The sudo command needs to enter the current user's password, and the SU command needs to enter the root user's password. Another difference is its default behavior. The sudo command only allows a single command to run with elevated privileges, while the SU command launches a new shell, allowing you to run as many commands as you can with root privileges until you explicitly log out.

Linux su Command

The primary role of the SU command is to allow you to switch to another user in the logged-in session. In other words, this tool allows you to log in as a different user without logging out of the current user.
The SU command is often used to switch to a superuser or root user (because it often requires root privileges to work under the command line), but-as mentioned earlier-the SU command can also be used to switch to any non-root user.
How to use the SU command to switch to the root user, just enter SU directly at the terminal as follows:
Su
SU command without command-line arguments
As above, the SU command requires that the password entered is the root user's password. Therefore, the General SU command needs to enter the password of the target user. After you enter the correct password, the SU command opens a child session in the terminal's current session.
Su-
There is also a way to switch to the root user: Run Su-command
Su-command
So what is the difference between the SU command and the Su-command? The former retains the old (or original user's) environment after switching to the root user, while the latter creates a new environment (the environment set by the root user ~/.bashrc file), which is equivalent to logging in normally with the root user (log on from the login screen).
sudo vs. su
Now that we've discussed the basics of the SU command, it's time to explore the difference between sudo and the SU command.

About password

The biggest difference between the two commands is that the sudo command needs to enter the current user's password, and the SU command needs to enter the root user's password.
It is clear that the sudo command is better in terms of security. For example, consider a computer that is used by multiple users who require root access. In this case, using SU means that you need to share the root user password with other users, which is obviously not a good habit.
In addition, if you want to revoke the access rights of a particular user's Superuser/root user, the only way to do this is to change the root password and then inform all other users of the new root password.
and using the sudo command is not the same, you can handle the above two cases well. Because the sudo command requires that you enter a different user's own password, you do not need to share the root password. At the same time, to prevent a particular user from accessing root privileges, only the appropriate configuration in the Sudoers file needs to be adjusted.

Default behavior

Another difference between the two commands is its default behavior. The sudo command only allows a single command to run with elevated privileges, while the SU command launches a new shell, allowing you to run as many commands as you can with root privileges until you explicitly log out.




Therefore, the default behavior of the SU command is risky, because users are likely to forget that they are working as root, and inadvertently make some unrecoverable changes (for example, run the RM-RF command against the wrong directory!). )。 For more information on why you are not encouraged to work as root, refer to [3] here.

Log records

Although the sudo command executes commands as the target user (by default, the root user), they use the user name configured by Sudoer to record who executes the command. The SU command is unable to directly track what actions the user has performed after switching to the root user.

Flexibility

The sudo command is much more flexible than the SU command, because you can even restrict which commands sudo users can access. In other words, users can access only the commands they need to work with the sudo command. The SU command gives the user permission to do anything.
sudo su
Some Linux distributions (such as Ubuntu) disable the root user account by default, presumably because of the risk of using the SU command or logging in directly as the root user. Users are encouraged to use the sudo command when they need root privileges.
However, you can still successfully execute the SU command without entering the root user's password. Run the following command:
sudo su
Since you run the command with sudo, you only need to enter the current user's password. So, once the operation is complete, the SU command will run as root, which means that it will no longer require any password entry.
PS: If you want to enable the root user account in the system (strongly objection, because you can use the sudo command or the sudo su command), you must manually set the root user password, you can use the following command:

sudo passwd root

Turn from

Deep understanding of the difference between Sudo and Su-csdn blog 71554302

Deep understanding of the difference between Sudo and su "Go"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.