17

A root user can have all the privileges. But a normal user can gain access like a root with su or sudo command and their own password.

So what's the difference?

6 Answers

7

The su (and sudo) commands traditionally require root's password. However, you can set up sudo so that ordinary users can achieve root privileges with their own password by modifying /etc/sudoers (as root, preferably with visudo).

Modern Linux distributions preconfigure the first user to be able to sudo with her own password. This prevents accidental system malconfiguration by the user, and enables them to gain full control without the need of a separate root password.

2
  • 2
    You should use « visudo » instead of manually editing /etc/sudoers - the syntax will be checked before saving, which could save you some trouble.
    – Nicolas
    Commented Jun 19, 2011 at 19:43
  • @Nicolas Updated to include that. But I wanted to point out that the file is written automatically by modern distributions.
    – phihag
    Commented Jun 19, 2011 at 20:37
3

A normal user can only gain root access with sudo if they are in the sudoers file (meaning they are trusted enough to gain admin permissions on demand). In a production environment, almost nobody should be a sudoer.

1
  • Depending on your definition of root access, this isn't exactly correct. Adding a user to the sudo group allows using sudo -i and sudo -s to get a shell as a root user, without changing /etc/sudoers with visudo. This can allow adding nologin to the root user in /etc/passwd, to disable brute force attacks on root user through ssh, while still providing good utility for the (home?) user similar to the Red Hat wheel group.
    – alchemy
    Commented Jan 11, 2022 at 2:10
3

The su command is used to temporarily change identity to any user on the system and execute many programs with his/her/its permissions. It doesn't have to be root. If the user executing su isn't root, he has to enter the password of the user whose identity he wants to assume.

The sudo command is used to execute one command with the permissions of any user. It doesn't have to be root either. The command is very configurable and provides some kind of precise access control. Entering one's own password is optional and configurable. Some distributions let the first user of the system execute everything with sudo.

2

To add to the above answers,

su user1 with the user's password shall switch your credentials to user1 till you type exit. Just su shall assume root by default.

sudo, as mentioned in other answers, can be granted to trusted users and a restricted set of commands. Moreover, sudo can be configured to log commands executed. This is a good way to track misuse of privilege.
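The logging point above can be put to work when reviewing privilege use. The following is an added example, not part of the original answers: it assumes sudo's default syslog line format (as found in files such as /var/log/auth.log or /var/log/secure), and the sample lines, hosts and users are constructed.

```python
import re

# Constructed sample lines in sudo's default syslog format (made-up hosts/users).
SAMPLE_LOG = """\
Jun 19 19:43:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jun 19 19:44:10 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jun 19 19:50:22 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Jun 19 19:52:40 web1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt update
Jun 19 19:55:03 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=postgres ; COMMAND=/usr/bin/psql
Jun 19 19:56:00 web1 sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""
LINE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<rest>.*)$")
# Shells and su: sudo logs that they started, not what is typed inside them.
SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/bash", "/bin/su", "/usr/bin/su"}

def parse(line):
    """Return one sudo event as a dict, or None for unrelated log lines."""
    m = LINE.search(line)
    if not m:
        return None
    head, _, command = m["rest"].partition("COMMAND=")
    ev = {"user": m["user"], "target": "", "command": command, "denied": None}
    for part in head.split(" ; "):
        key, sep, value = part.partition("=")
        if sep and key == "USER":
            ev["target"] = value  # account the command ran as
        elif part.strip() and not sep:
            ev["denied"] = part.strip()  # e.g. "user NOT in sudoers"
    return ev

def review(log_text):
    """Sort events into denied attempts, root shells and ordinary commands."""
    report = {"denied": [], "root_shell": [], "commands": {}}
    for ev in filter(None, map(parse, log_text.splitlines())):
        binary = (ev["command"].split() or [""])[0]
        if ev["denied"]:
            report["denied"].append((ev["user"], ev["denied"], ev["command"]))
        elif ev["target"] == "root" and binary in SHELLS:
            report["root_shell"].append((ev["user"], ev["command"]))
        else:
            report["commands"].setdefault(ev["user"], []).append(
                (ev["target"], ev["command"]))
    return report

if __name__ == "__main__":
    for section, entries in review(SAMPLE_LOG).items():
        print(section, entries)
```

The `root_shell` bucket matters for review because a root shell started through sudo leaves only that one log entry; the commands typed inside it are not logged per command by default.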

1

Not all normal users can use sudo; they have to be in the sudoers file, and you can control which commands or types of commands the user can execute. Also, only certain users can use su to switch to the root user. Normally you would only have sudo permissions for a limited set of commands and full su permissions for a limited period of time.

2
  • 3
    Pretty sure all users can use su, they will just need the password of the user they are switching to.
    Commented Jun 19, 2011 at 16:37
  • 1
    Traditionally, BSDs require one to be in the wheel group to allow using su to become root. This can be configured on Linux as well, but is not standard.
    Commented Nov 2, 2011 at 0:03
-2

Only users with super-user privileges can sudo or su, normal users cannot. This is configured in /etc/sudoers, which should always be edited with visudo.

The benefits of this system are:

  1. It's easy for a privileged user to run commands as root only when needed.
  2. Makes it harder to guess the root username (e.g., if a simple ssh bot tried logging into a system, root would be the first login name to guess).
  3. Multiple users on a shared system can have root permissions, without needing to share passwords.
