Home » Questions » Computers [ Ask a new question ]

What's the difference between the commands "su -s" and "sudo -s"?

What's the difference between the commands "su -s" and "sudo -s"?

What is the difference between the two super user commands, su -s and sudo -s?

Asked by: Guest | Views: 377
Total answers/comments: 4
Guest [Entry]

"su is a command to change to another user, either to run a shell or execute a specific command. You must authenticate as the other user. If you want to su to root, you need the root password.

sudo is a command to execute another command (optionally a shell) as a different user. You must authenticate as your own user. Permission to use sudo (and the specific things you can do with it) are specified by an administrator in the sudoers file.

If you give someone access to su (by, for example, giving them the root password), then they can do anything with it – run other commands, open a shell, change the password, login remotely via ssh, and so on. You're essentially giving them access to the other account, with 'su' being just one thing they can do with it.

sudo is much more fine-grained. You can grant privileges to a user, or to a group. You can allow a user or group to sudo within a certain timeframe (e.g. Monday to Friday, 9 AM to 5 PM). You can specify a specific list of commands they're allowed to run (e.g. only /usr/local/bin/run_backup) or you can specify a specific user they're allowed to run commands as (e.g. www, backup, staff, etc).

Besides its flexibility, sudo is a better solution in all cases, because it doesn't require access to anything the user doesn't already have. If you give someone sudo access, you can revoke it by removing their line in the sudoers file, or removing them from the sudoers group. If you delete their account, their access is gone.

If you give them the root password, even assuming they don't do anything unpleasant with it, then they will know it forever. If you have multiple people who need root access for administrative tasks, this means either changing all the root passwords whenever someone leaves, or assuming that it's ok for them to have full access to your systems after you leave."
Guest [Entry]

"One thing that isn't getting said fully is this: which one you can use often depends on what distribution you're using and who runs it. One or the other (su or sudo) is probably not set up for full use by default. So for example, as some people have mentioned, OS X and Ubuntu disable the root account (su) by default. Equally, Debian does not give regular users any default privileges to sudo. (On all these systems, you can change these defaults, but only if you have some kind of administrative privileges to begin with. I suppose we're talking about a non-server situation and you administrate the machine since we're on SU rather than SF, but just in case.)

Finally, if you want to use sudo in a more fine-grained way, you should look at man sudoers for how to edit the /etc/sudoers file. However, you should never edit it by hand. Use the program visudo - it will prevent you from saving your edits unless they are at least minimally sane. It's a great safeguard against simple errors which could lock you out of your own system's admin privileges."
Guest [Entry]

"On systems where the superuser account is disabled, such as Mac OS X, su will not work; sudo -s will.

Also, it appears there is no su -s available, at least on my machine."
Guest [Entry]

This introduction may help you. su is shorthand for su root, and you keep your rights as the other user indefinitely. More dangerous, but also more convenient if you're doing many root-access commands over a period of time.