su or sudo ?

My notes and some information about su and sudo, to gain privileged access on a Linux system.

su or sudo ?
A chess board with a black king pawn which crush a white king pawn, flat 3d, white background. Généré avec l'IA DALL-E 3.

Both the su and sudo commands are used to access a superuser account in Unix/Linux-based operating systems. However, these commands exhibit essential differences.

Using su and su -

An acronym for "substitute user," the su command allows switching to another user account, typically "root." Authentication requires the password of the target account, while Linux's PAM (Pluggable Authentication Modules) system is used to verify the information.

You must know the user's password to authenticate yourself. For instance, by executing su root, the "root" account's password will be requested. su utilizes Linux's internal "PAM" system to authenticate accounts.

# Connexion to the "bob" user from your own account
$ su bob

# "full" connexion with the user 'julien'
$ su - julien

While su is convenient, it retains the original account's UID (User Identifier) and GID (Group Identifier), which can lead to confusion in the working directory and identifiers. For a complete connection to the target account, su - is recommended. The - indicates --login, ensuring an authentic connection.

sudo

Using the sudo command necessitates installing the "sudo" package on the machine. This command, ubiquitous in documentation and command entries, grants the user two capabilities: executing commands with elevated privileges and the ability to operate as another specified user.

#Debian/Ubuntu = apt install sudo
#Archlinux = pacman -S sudo
#Fedora/CentOS = yum install sudo

You've likely encountered "sudo" everywhere, whether in documentation or while observing your colleague entering commands. Using a command with sudo allows a user to:

  • Execute commands with elevated privileges, performing actions they might not have had access to before.
  • Execute commands as a specified user, inheriting the specified user's privileges.

sudo goes beyond su by integrating plugins for security, strong authentication, logging, and LDAP account exploitation. To enable sudo, the user must belong to the "sudo" group, which can be modified using usermod -aG sudo username.

Various uses of sudo are visible: sudo -i, sudo su, sudo command1... They are all almost equivalent.

  • sudo -i truly connects to the "root" user account and uses its .bashrc and .profile.
  • sudo su is a combination of two different commands: "sudo" and "su." By entering "sudo su," you execute the "su" command as root. This means you will need to enter your user password, not the root account's password.
  • sudo command: Executes the desired command with privileged rights (if you're a member of the "sudo" group).

Taking sudo a step further

In addition to its flexibility, sudo offer precise control by restricting privileges for specific commands. This functionality separates administrative tasks from routine operations, reducing potential misuse. However, the option to not enter a password each time requires caution to prevent errors. Additionally, sudo can integrate with sophisticated security policies and allows plugin usage for specific needs.

Another significant feature of sudo is the ability to configure specific commands to run without needing to enter a password every time. While this can enhance efficiency by avoiding repeated inputs, using this feature requires caution. It can increase the risk of errors, especially if the specified commands have significant consequences.

Beyond these aspects, sudo can integrate with sophisticated security policies, enabling two-factor authentications or context-based access controls. The use of plugins extends customization possibilities to meet specific environment needs.

And you?

Using sudo is generally preferred over su due to its flexibility and enhanced security. It is a balanced choice between administrative tasks and mitigating potential errors. For security reasons, restricting privileges to the bare necessity and configuring sudo policies is recommended. While su is useful, sudo represents a modern and secure approach to privilege management on Linux systems.

I'm using sudo whenever possible. Depending on server configurations and security considerations, I might remove the sudo package and directly use the root account, connecting via su.