14
4
A root user can have all the privileges. But a normal user can gain access like a root with su or sudo command and their own password.
So what's the difference?
Hieu Nguyen
Posted 2011-06-19T16:31:07.330
Reputation: 805
What is different between root and sudo?
Answers
7
The su (and sudo) command traditionally require root's password. However, you can setup sudo so that ordinary users can achieve root privileges with their own password by modifying /etc/sudoers (as root, preferably with visudo).
Modern Linux distributions preconfigure the first user to be able to sudo with her own password. This prevents accidental system malconfiguration by the user, and enables them to gain full control without the need of a separate root password.
phihag
Posted 2011-06-19T16:31:07.330
Reputation: 2 557
3
A normal user can only gain root access with sudo if they are in the sudoers file (meaning they are trusted enough to gain admin permissions on demand). In a production environment, almost nobody should be a sudoer.
Tremmors
Posted 2011-06-19T16:31:07.330
Reputation: 273
3
The su command it to temporary change an identity to any user on a system and execute many programs with his/her/its permissions. It doesn't have to be the root. If the user executing su isn't the root, he have to enter the password of the user he want get identity.
The sudo command is to execute one command with permissions of any user. It doesn't have to be the root too. The command is very configurable and provide some kind of precise access control. The entering own password is optional and configurable. Some distribution let the first user of the system to execute with sudo everything.
Michas
Posted 2011-06-19T16:31:07.330
Reputation: 178
2
To add to the above answers,
su user1 with the user's password shall switch your credential to user1 till you type exit
just su shall assume root by default.
sudo as mentioned in other answers, can be granted to trusted users and a ristricted set of commands. moreover, sudo can be configured to log commands executed. This is a good way to track misuse of privilege.
Lord Loh.
Posted 2011-06-19T16:31:07.330
Reputation: 896
1
Not all normal users can use sudo, they have to be in the sudoers file and you can control which commands or types of commands the user can execute. Also, only certain users can use su to switch to the root user. Normally you would only have sudo permissions for a limited set of commands and full su permissions for a limited period of time.
ldg
Posted 2011-06-19T16:31:07.330
Reputation: 119
3pretty sure all users can use su, they will just need the password of the user they are switching to. – Grady Player – 2011-06-19T16:37:05.477
1Traditionally, BSD's require one to be in the wheel group to allow using su to become root. This can be configured on Linux as well, but is not standard. – Jaap Eldering – 2011-11-02T00:03:21.940
-2
Only users with super-user privileges can sudo or su, normal users cannot. This is configured in /etc/sudoers, which should always be edited with visudo.
The benefits of this system are:
- Its easy for a privileged user to run commands as root only when needed,
- makes it harder to guess the root username (e.g., if a simple ssh bot tried logging into a system
rootwould be the first login name to guess). - Multiple users on a shared system can have root permissions, without needing to share passwords.
dr jimbob
Posted 2011-06-19T16:31:07.330
Reputation: 504
2You should use « visudo » instead of editing manually /etc/sudoers - the syntax will be checked before saving which could save you some trouble. – Nicolas – 2011-06-19T19:43:35.347
@Nicolas Updated to include that. But I wanted to point out that the file is written automatically by modern distributions. – phihag – 2011-06-19T20:37:25.643