Root — What's the difference between sudo su vs just su? Unix & Linux Stack Exchange

Just su

@Caleb — I found that question before posting, but that did not answer my direct question. See the second part of @Mat’s answer.


The main difference between these commands is in the way they restrict access to their functions.

su (which means «substitute user» or «switch user») — does exactly that, it starts another shell instance with privileges of the target user. To ensure you have the rights to do that, it asks you for the password of the target user. So, to become root, you need to know root password. If there are several users on your machine who need to run commands as root, they all need to know root password — note that it’ll be the same password. If you need to revoke admin permissions from one of the users, you need to change root password and tell it only to those people who need to keep access — messy.

sudo (hmm. what’s the mnemonic? Super-User-DO?) is completely different. It uses a config file (/etc/sudoers) which lists which users have rights to specific actions (run commands as root, etc.) When invoked, it asks for the password of the user who started it — to ensure the person at the terminal is really the same «joe» who’s listed in /etc/sudoers. To revoke admin privileges from a person, you just need to edit the config file (or remove the user from a group which is listed in that config). This results in much cleaner management of privileges.

As a result of this, in many Debian-based systems root user has no password set — i.e. it’s not possible to login as root directly.

Also, /etc/sudoers allows to specify some additional options — i.e. user X is only able to run program Y etc.

The often-used sudo su combination works as follows: first sudo asks you for your password, and, if you’re allowed to do so, invokes the next command (su) as a super-user. Because su is invoked by root, it does not require you to enter the target user’s password. So, sudo su allows you to open a shell as another user (including root), if you’re allowed super-user access by the /etc/sudoers file.


If you can use simply su, you should.

But, in most modern (desktop-) Linux distributions (for example Ubuntu) the root user is disabled and has no password set. Therefore you cannot switch to the root user with su (you can try). You have to call sudo with root privileges: sudo su.

answered Aug 25, 2015 at 20:34 by chaos
I guess this is enabled on ubuntu servers.. because I can do it just fine on mine
Commented Aug 25, 2015 at 20:37
@ElectricCoffee I don’t know the ubuntu server version, but in the desktop version it’s disabled.
Commented Aug 25, 2015 at 20:39

-1 for «If you can simply use su, you should»; this is subjective at best, and bad advice at worst. Ideally, the use of sudo instead of su allows significantly more control over what a user is able to do with elevated privileges; and su without an extra dash is generally bad practice as it preserves the environment.

Commented Dec 31, 2015 at 20:55
«If you can use simply su, you should.» why?
Commented Nov 4, 2019 at 10:14
@binarym see unix.stackexchange.com/a/218175/52727
Commented Nov 4, 2019 at 10:29

sudo su, sudo -i and all other sudo require the user's password.

su requires the root password.

answered Aug 25, 2015 at 21:38 by ctrl-alt-delor
wouldn’t that make sudo su highly unsafe compared to simply using su ?
Commented Aug 25, 2015 at 21:40

@ElectricCoffee Both are unsafe: Having a root shell is unsafe; one slip of the fingers can cause a lot of damage. sudo is more secure than su, as sudo uses the user's password (note only those with appropriate privileges can use sudo), therefore we do not have to distribute a new root password every time someone leaves the group.

Commented Aug 26, 2015 at 7:14
Related: Why doesn’t the sudo command need the root password?
Commented Aug 26, 2015 at 19:31

@ElectricCoffee: Someone who has a sudo rule to run «su» with no password (or with their own password) has been explicitly given that permission by the sudoers configuration. The argument would be that a user’s password is more secure than a shared root password. The same complexity rules can be enforced in both cases, but with each user having their own password, rotation does not require communicating the password out to those who need that password. One could use the rootpw or targetpw option on a sudo rule if one really wanted to retain classic su behavior with sudo’s benefits.

Commented Aug 31, 2015 at 17:52
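The per-command rules and the targetpw option mentioned in the answers and comments above, shown as an added example that is not from any of the posters: a constructed sudoers fragment and a small audit function that reports which rules amount to full root. The user names, group name and command paths are hypothetical, and the scan is deliberately simplified (no alias expansion, no #include handling, no continuation lines).

```shell
#!/bin/sh
# Constructed sudoers fragment (hypothetical users and paths) contrasting a
# blanket grant, a grant of su itself, and grants limited to named commands.
sample_sudoers() {
cat <<'EOF'
# carol is prompted for the target user's password, like classic su
Defaults:carol targetpw
alice  ALL=(ALL) ALL
bob    ALL=(root) /bin/su
carol  ALL=(root) /usr/bin/systemctl restart nginx
%ops   ALL=(root) /usr/bin/apt update, /usr/bin/apt upgrade
EOF
}

# Print "who: reason" for every rule whose command list is ALL or contains
# su or a shell, i.e. rules that hand out an unrestricted root shell.
full_root_rules() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
    /^[ \t]*Defaults/ || /^[ \t]*[A-Za-z]+_Alias[ \t]/ { next }
    {
      who = $1
      spec = $0
      sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec) # drop "who host=(runas)"
      sub(/[ \t]+$/, "", spec)
      n = split(spec, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        sub(/^(NOPASSWD|PASSWD):[ \t]*/, "", c)        # strip tags
        split(c, argv, " ")
        m = split(argv[1], parts, "/")
        prog = parts[m]                                # basename of the command
        if (c == "ALL") { print who ": ALL commands"; break }
        if (prog == "su" || prog ~ /^(sh|bash|dash|zsh|ksh)$/) {
          print who ": " c; break
        }
      }
    }'
}

sample_sudoers | full_root_rules
```
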

Both programs are suid root. There is no reason to ever type sudo su except for the situation where one is unfamiliar with the -i and -E options to sudo, or otherwise in the habit of doing things as root without understanding why they’re done. The su command passes through a few hard-coded environment vars (or, on recent Linux, can use -p to pass through the entire environment), while sudo can control exactly which variables pass through (try $DISPLAY for a useful example). The su command can only prompt for the target user’s password (assuming a default pam stack), while sudo can be configured to authenticate as the source or target user, or neither, or always root — and can do so per command. The su command resets $HOME, while sudo can decide based on the ruleset available. And that’s one more forked process that doesn’t need to exist. Meanwhile, sudo logs the commands that it runs, so as long as you’re not just doing sudo -i or otherwise launching a shell, you can get a way better audit trail with sudo. When you run a command using sudo, it removes both . and empty elements in $PATH and then checks those last if they were present, preventing people from sticking a shell script named «ls» in /tmp and similar shenanigans. 🙂

Basically, sudo su is like nailing one hand behind sudo’s back and gaining nothing. 🙂

answered Aug 26, 2015 at 1:56 by dannysauer
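The audit-trail point in the answer above, as an added example that is not part of the original post: sudo writes one log entry per command, so an entry whose command is su or a bare shell marks the point where the record of what was done as root stops. The log lines below are constructed in the usual sudo syslog layout, and the function and user names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of sudo syslog entries (not taken from a real host).
sample_log() {
cat <<'EOF'
Aug 26 01:50:11 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Aug 26 01:51:40 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su
Aug 26 01:52:02 host sudo[4711]:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Aug 26 01:53:15 host sudo:     dave : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su - postgres
Aug 26 01:54:30 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# Print "user command" for each sudo entry that starts su or a shell without
# arguments (what sudo su, sudo -i and sudo -s leave in the log). Everything
# typed inside that shell afterwards is invisible to sudo's logging.
root_shell_entries() {
  awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
      user = $0
      sub(/^.* sudo(\[[0-9]+\])?: +/, "", user)   # drop timestamp, host, tag
      sub(/ : .*$/, "", user)                     # keep only the invoking user
      cmd = substr($0, index($0, "COMMAND=") + 8) # full command with arguments
      split(cmd, argv, " ")
      n = split(argv[1], parts, "/")
      prog = parts[n]                             # basename of the binary
      if (prog == "su" || (prog ~ /^(sh|bash|dash|zsh|ksh)$/ && argv[2] == ""))
        print user, cmd
    }'
}

sample_log | root_shell_entries
```

On a real system the same function can read the sudo entries from wherever syslog or the journal stores them; that location varies by distribution.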

On some systems, su to root is not enabled for normal users, so sudo su is required.

answered Aug 25, 2015 at 20:32 by Klaatu von Schlacker

it’s worked just fine on all the systems I’ve tested it on.. Linux and BSD alike, hence the confusion

Commented Aug 25, 2015 at 20:33
Why sudo su and not sudo -i ?
Commented Aug 25, 2015 at 21:00

@roaima sudo -i does not inherit the root PATH. Try echo $PATH and then sudo -i echo $PATH , then do sudo -i and once at a root prompt, do echo $PATH .

Commented Aug 25, 2015 at 22:03
@Klaatu but sudo -i echo $PATH is evaluating $PATH in the user’s context, not root’s.
Commented Aug 25, 2015 at 22:25

    [user@host] /home/user$ sh -c 'echo $PATH'
    /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/quest/bin:/usr/local/sec:/var/cfengine/bin
    [user@host] /home/user$ sudo -i sh -c 'echo $PATH'
    /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/quest/bin:/usr/local/sec:/var/cfengine/bin:/var/cfengine/bin:/root/bin

Commented Aug 31, 2015 at 17:45


There are two questions there:

  • Difference between su - username and su username

If - (or -l) is specified, su simulates a real login. The environment is cleared except for a few select variables (TERM notably, DISPLAY and XAUTHORITY on some systems). Otherwise the environment is left as it is except for PATH that is reset.

  • Difference between passing no user name and specifying root

This might be system-dependent. On Linux with shadow as the package providing su, if no username is specified, then su first tries to see if user root has a passwd entry. If it does, it uses that. If it doesn’t, it tries uid 0.

Not sure about other Unix-like operating systems.

Sources:

https://askubuntu.com/questions/70534/what-are-the-differences-between-su-sudo-s-sudo-i-sudo-su
https://unix.stackexchange.com/questions/225451/whats-the-difference-between-sudo-su-vs-just-su
https://unix.stackexchange.com/questions/15611/what-is-the-difference-between-su-and-su-root