What is the difference between "su" and "sudo" ?
in [General Linux]
|
Prev: chdir usage
Next: how to alias
From: Mike on 1 Jan 2010 11:53 On Dec 30 2009, 6:15 pm, kmlincoln...(a)hotmail.com (Matthew Lincoln) wrote: > Sorry for this newbie question: > > at is the difference between "su" and "sudo" command ? > > Matthew Hi, I would say that "sudo" executes a single command, with root permissions, while "su" starts a new shell with root permissions. So, "su" is like doing: # sudo bash -Mike
From: Moe Trin on 1 Jan 2010 14:52 On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article <87aawy29rg.fsf(a)thumper.dhh.gt.org>, John Hasler wrote: Happy New Year, John >Old guy writes: >> The problem in Ubuntu is the lack of a "usable" password for root. >> The account exists (as it must), but is disabled in /etc/shadow. >Anyone who cannot manage the trivial task of adding a root password >is better off without one. Ding, Ding, Ding - we have a winner! I scan the a.o.l.ubuntu newsgroup (and the recently created a.o.l.mint), and after your killfile is through, the majority of the questions reflect this skill level. Occasionally, you'll see a post asking how to enable root (or more disturbingly the "administrator") account, but few of the real replies provide the needed clue. Wonder why. Old guy
From: Moe Trin on 1 Jan 2010 14:54 On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article <ueev07-3fp.ln1(a)mid.florian-diesch.de>, Florian Diesch wrote: >ibuprofin(a)painkiller.example.tld.invalid (Moe Trin) writes: >> We always created separate users that had individual passwords other >> than their "user" accounts, and these special accounts had sudo levels >> without passwords. Use of 'su' to become these special users was logged, >> and 'sudo' differentiated what those special users could do. >So to revoke access to one of those special accounts for some user you >have to change that special account's password. Same as revoking access to any user account. >If that happens frequently it can be quite annoying and - depending on >the level bureaucracy involved - costly. Not really - other than the student interns, we don't have a significant turn-over rate. Example, my department has 38 people, and all have been with the company over five years. The registrar at each facility (who has the responsibility for - among other things - creating/deactivating/removing user accounts) has a simple script that handles the deactivation of accounts - basically takes a username, asks for the GECO name, room number, and phone extension for confirmation, then locks the account via the password and authentication files. This action is taken in response to notification from the users supervisor _OR_ HR. Removing old accounts are more of a hassle because the old account may have files that have to be transferred to other users and that takes some coordination. Maybe even some thinking! Old guy
From: Jeremy J Starcher on 2 Jan 2010 14:42 On Wed, 30 Dec 2009 18:15:21 +0000, Matthew Lincoln wrote: > Sorry for this newbie question: > > at is the difference between "su" and "sudo" command ? > > Matthew 'su' short for 'switch user.' Using su, one switches over to another user's identity (most often root) and has unlimited access after that. Its /almost/ the same as simply logging in as that user. sudo can operate like su does, but it can also be much more limited. For instance, you can set up your sudoers to say that user mary is allowed to execute the shutdowndown.. sudo shutdown -h now but that is the only root command she is allowed to run. You can even say if it should prompt her for a password or just do it. Read the man page between the two commands.
From: Regis on 4 Jan 2010 15:39
kmlincoln100(a)hotmail.com (Matthew Lincoln) writes: > Sorry for this newbie question: > > at is the difference between "su" and "sudo" command ? $ man su vs $ man sudo would be the RTFM answer. :-) But, in a nutshell, su switches users, while sudo ("sooo do") is most often used to execute a single command as the superuser, and nothing else. With su, your shell prompt will be as a different user, and will stay that say until you exit that shell. Issue the "id" command to see who you are at any given instant. su - is the usual way a regular user might change temporarily to be the root user. Or, how a root user might change to joeblow's account (su joeblow) to test something. sudo, on the other hand simply executes one command as the superuser (or an optionally specified username). Say, if you are loged in as joeblow, and need to restart a daemon, you'd joeblow$ sudo /etc/init.d/daemonofchoice restart sudo allows an administrator to have a great deal more granular control of allowing users to do specific stuff as the superuser, rather than having to grant the person access to the root account. /etc/sudoers is the file where you can, for example, lock joeblow down to simply restarting that daemon, or allowing joeblow to do anything he wants as root. Another nice thing about sudo is that in an environment where you have several users doing things as root, the sudo log gives you a nice audit trail of which admin user did what, when, rather than trying to infer it as you do when you have a shared root password that too many people know. Finally, no discussion of sudo would be complete without a link to the following: http://xkcd.com/149/ |