CIS120Linux Fundementals

sudo and su Commands

In Linux, su and sudo are powerful commands used to perform administrative tasks and execute commands with elevated privileges. Both commands are essential for system administration and security, enabling users to manage the system effectively while maintaining proper access control.

NOTE: You do not have permissions to use the su or sudo commands on the Cidermill server.

The su Command

The su command stands for "substitute user" or "switch user." It allows a user to switch to another user account in the system, including the superuser (root). When executed without any arguments, su defaults to switching to the root user. This command opens a new shell session as the specified user, maintaining their environment and permissions.

Basic usage of su:

su [username]

Switching to the root user:

su

This command prompts for the root user's password and, upon successful authentication, grants the user root privileges. The shell prompt changes to indicate the new user context, typically # for the root user.

Switching to a different user:

su alice

This command switches to the user alice, prompting for alice's password. The user now operates with alice's permissions and environment.

Starting a login shell with -:

su - alice

This command switches to alice and simulates a full login, loading alice's environment variables and shell configuration files, such as .bashrc and .profile.

The sudo Command

The sudo command stands for "superuser do." It allows a permitted user to execute a command as the superuser or another user, as specified by the security policy in the /etc/sudoers file. Unlike su, sudo does not switch the user context but runs a single command with elevated privileges. This approach enhances security by limiting the scope of administrative actions and reducing the risk of accidental system changes.

Basic usage of sudo:

sudo [command]

Executing a command as root:

sudo apt-get update

This command updates the package lists for upgrades and new packages. The user must authenticate with their own password, not the root password.

Running a command as a different user with -u:

sudo -u alice ls /home/alice

This command lists the contents of alice's home directory while running as alice.

Editing the sudoers file:

sudo visudo

This command opens the sudoers file in a safe editor, allowing administrators to configure permissions and security policies for sudo usage.

Differences Between `su` and `sudo`

Authentication: su requires the target user's password (typically root), whereas sudo requires the invoking user's password.
Scope: su opens a new shell session as the target user, while sudo executes a single command with elevated privileges.
Configuration: sudo is highly configurable through the /etc/sudoers file, allowing fine-grained control over which users can run specific commands as other users.

Examples

Using su to become root:

su
Password:
[root@linuxbox ~]#

The user switches to the root account and gains full administrative privileges.

Using su to switch to another user:

su alice
Password:
[alice@linuxbox ~]$

The user switches to alice, gaining alice's environment and permissions.

Using sudo to run a command as root:

sudo systemctl restart apache2
[sudo] password for user:

The user restarts the Apache web server with root privileges after authenticating with their password.

Using sudo to run a command as another user:

sudo -u alice ls /home/alice

The user lists the contents of alice's home directory, executing the command as alice.

Configuring sudo permissions:

sudo visudo

The administrator edits the sudoers file to grant specific permissions to users or groups, ensuring secure and controlled use of sudo.

Summary