The difference between Linux commands su and sudo

Introduction and main usage of su command

First, I need to explain what su means.
su means "switch user"

The general usage of su is:

su  <user_name>
su - <user_name>
su - -c "string of commands"  # Execute "instruction string" as root
[zhangsan@localhost root]$ su - -c "tail -n 10 /etc/passwd"
password:   #Enter the root user password
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

There is only one character difference between the two methods - there will be a big difference:

If the - parameter is added, it is a login shell method, which means switching to another user < user_ After name >, the current shell will load < user_ Name > corresponding environment variables and settings;

If the - parameter is not added, it is a non login shell method, which means that I now switch to < user_ Name >, but the current shell still loads the environment variables and various settings of the user before switching

Introduction and main usage of sudo command

The full English name of sudo is super user do, that is, execute commands as a super user (root user). Sudo here is different from the switch user represented by su

  • Main usage

We often encounter Permission denied in Linux, such as viewing the contents of / etc/shadow as a user of zhangsan. Because the contents of this file can only be viewed by the root user

[zhangsan@localhost root]$ tail -n 3 /etc/shadow
tail: Cannot open"/etc/shadow" Read data: insufficient privilege
[zhangsan@localhost root]$ sudo !!
sudo tail -n 3 /etc/shadow
[sudo] zhangsan Password for:

ps: in the example, we use sudo!! This little trick means repeating the command entered above, but adding sudo at the beginning of the command

Because I have set the sudo command without entering a password, so here is sudo!! The content can be directly output. If it is not set, you need to enter the password of the current user. For example, in this example, I should enter the login password of the ubuntu user.

If the interval between two adjacent sudo operations is within 5min, it is not necessary to re-enter the password for the second sudo input; If it exceeds 5min, you need to enter the password when you enter sudo again. So a relatively easy way is to set sudo operation without password.

  • Switch to root
sudo su -

This method can also switch to the root user by login shell, but it is different from the su method by:
The former needs to provide the login password of the current user, that is, the password of the ubuntu user, after inputting sudo su -;
The latter needs to provide the login password of the root user after entering su -.

sudo -i

This command has the same effect as sudo su -. It is also required to switch to the root user and provide the login password of the current user.

Whether a user can use the sudo command depends on the settings of the / etc/sudoers file.
From the above / etc/shadow, we can see that zhangsan users can use sudo normally, because zhangsan ALL=(ALL) ALL is configured in the / etc/sudoers file

/etc/sudoers is also a text file, but because it has a specific syntax, we don't want to edit it directly with vim or vi. we need to use the command visudo. After entering this command, you can directly edit the file / etc/sudoers.
It should be noted that only the root user has permission to use the visudo command.

Comparison of differences between the two

  • Use su -, provide the password of the root account, and you can switch to the root user;

  • Use sudo su -, provide the password of the current user, or switch to the root user

Tags: Linux server bash

Posted by DWilliams on Fri, 09 Sep 2022 02:45:38 +0930