The Differences between Sudo and Su in Linux.
In Linux, there are a number of ways to acquire a root session. This can cause some confusion since most new users are unfamiliar with how each command can grant root access, how they differ, and when these differences matter. For instance, in the *nix environment, becoming root permanently via su is a well-known 'no-no-no.' Why? Because su makes you root, which is the same as getting into a terminal as the root user and entering the root's password. And this is dangerous!
When you work as a root, you have the power to:
- Remove any or all files
- Change the permissions of any or all files
- Change the runlevel of the system
- Alter user accounts
- Mount or unmount filesystems
- Remove or install software
- Create, remove, and alter file systems
As the root user, you have complete control over the system. It's the administrator account with all the privileges. You won't for example get a: "Are you sure?" popup to confirm that the rm -rf * command you just did was in /var/tmp/cache rather than in the Root Directory /. As you might expect, mistakes performed as the root user are often irrevocable and catastrophic. Basically, as the root user, you have complete access to the system. It is the administrator account with all-powerful privileges.
root user
To run commands with root privileges, both su and sudo can be used. The root user has full permissions thus can do anything to the system. Regular users have limited rights — they can't install software or write to system directories, for example. If they want to do anything that requires these permissions, they'll need to use su or sudo.
sudo
Sudo, which stands for "superuser do" is a command that allows you to run an elevated prompt without changing your actual identity. You can issue single commands as root or as another user, depending on the settings in the /etc/sudoers file. You must always use the sudo command to continue performing commands with root privileges. Let's say we want to install the MariaDB package, we run:
$ apt install mariadb
OUPUT
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?– an error message was generated since we are not root or in the sudo group. Instead, if we run:
$ apt install mariadb
[sudo] password for minerva:
– you will be asked to type your password, and then you can run the command if you are a part of the sudo group.
su
su, on the other side, is an acronym for substitute user. You're essentially moving to a different user account, and you'll need the password for that account. The root account is usually the one you switch to, however, it can be any account on the system.
here are some examples,
$ su -
Password:
– we are switching to root and we need the root password. The (-) switch provides us with the root's environment (path and shell variables) rather than simply giving us root user power for a single command while keeping our own environment.
$ su rover
Password:
OUPUT
rover@VirtualMonkey /home/minerva <<
% pwd <<
/home/minerva <<– here, we are switching to rover, and so you need rover's password unless we are root.
If we want to switch to the rover user account including rover' path and environment variables, use the (-) switch:
$ su - rover
Password:
OUTPUT
rover@VirtualMonkey ~ % pwd <<
/home/rover <<
The (-) switch has the same effect as logging into a system directly with that user account. In other words, you take on the role of the user.
Additionally, it is advisable to stick to sudo when performing tasks that require root privileges. By doing so, the current user is only granted privileged for the specified command. On the other hand, su switches to the root user completely, exposing the entire system to potential accidental modification.
Bonuses
To run a single command as the root user with su, run the following command:
$ su -c 'command'The above command is comparable to running a command with sudo, except instead of your current user account's password, you'll need the root account's password.
Enabling the Root User in Ubuntu
If you are using an Ubuntu-based distribution and try to switch to the root user, the output informs you there is an Authentication failure. That's because the root user account is disabled by default to improve the security of the system.
$ su
Password:
su: Authentication failureTo enable the root user account on Ubuntu, run the passwd command:
Keep in mind that we strongly advise against it.
sudo passwd root
– sudo will prompt you for your current user account’s password before you can set a new password.
sudo passwd root
New password:– verify the root user is active by switching to it its login shell with su -.
su -
Password:
~#Use your new password to log in as root from a terminal login prompt or with the su command.
REMEMBER !!!
You should never run a full graphical environment as the root user – This is a very, very poor security practice.