sudo commands are used to access a superuser account in Unix/Linux-based operating systems. However, these commands exhibit essential differences.
Using su and su -
An acronym for "substitute user," the
su command allows switching to another user account, typically "root." Authentication requires the password of the target account, while Linux's PAM (Pluggable Authentication Modules) system is used to verify the information.
You must know the user's password to authenticate yourself. For instance, by executing
su root, the "root" account's password will be requested.
su utilizes Linux's internal "PAM" system to authenticate accounts.
# Connexion to the "bob" user from your own account
$ su bob
# "full" connexion with the user 'julien'
$ su - julien
su is convenient, it retains the original account's UID (User Identifier) and GID (Group Identifier), which can lead to confusion in the working directory and identifiers. For a complete connection to the target account,
su - is recommended. The
--login, ensuring an authentic connection.
sudo command necessitates installing the "sudo" package on the machine. This command, ubiquitous in documentation and command entries, grants the user two capabilities: executing commands with elevated privileges and the ability to operate as another specified user.
#Debian/Ubuntu = apt install sudo
#Archlinux = pacman -S sudo
#Fedora/CentOS = yum install sudo
You've likely encountered "sudo" everywhere, whether in documentation or while observing your colleague entering commands. Using a command with
sudo allows a user to:
- Execute commands with elevated privileges, performing actions they might not have had access to before.
- Execute commands as a specified user, inheriting the specified user's privileges.
sudo goes beyond
su by integrating plugins for security, strong authentication, logging, and LDAP account exploitation. To enable
sudo, the user must belong to the "sudo" group, which can be modified using
usermod -aG sudo username.
Various uses of
sudo are visible:
sudo command1... They are all almost equivalent.
sudo -itruly connects to the "root" user account and uses its
sudo suis a combination of two different commands: "sudo" and "su." By entering "sudo su," you execute the "su" command as root. This means you will need to enter your user password, not the root account's password.
sudo command: Executes the desired command with privileged rights (if you're a member of the "sudo" group).
Taking sudo a step further
In addition to its flexibility,
sudo offer precise control by restricting privileges for specific commands. This functionality separates administrative tasks from routine operations, reducing potential misuse. However, the option to not enter a password each time requires caution to prevent errors. Additionally,
sudo can integrate with sophisticated security policies and allows plugin usage for specific needs.
Another significant feature of
sudo is the ability to configure specific commands to run without needing to enter a password every time. While this can enhance efficiency by avoiding repeated inputs, using this feature requires caution. It can increase the risk of errors, especially if the specified commands have significant consequences.
Beyond these aspects,
sudo can integrate with sophisticated security policies, enabling two-factor authentications or context-based access controls. The use of plugins extends customization possibilities to meet specific environment needs.
sudo is generally preferred over
su due to its flexibility and enhanced security. It is a balanced choice between administrative tasks and mitigating potential errors. For security reasons, restricting privileges to the bare necessity and configuring
sudo policies is recommended. While
su is useful,
sudo represents a modern and secure approach to privilege management on Linux systems.
sudo whenever possible. Depending on server configurations and security considerations, I might remove the
sudo package and directly use the root account, connecting via