sudo vs. su

One of the things that makes Linux more secure than some operating systems is a permission system and separate logins. This adds the complication that some administrative tasks must be done using the administrator login (called root) but that is a small price to pay for the added level of security.

Different Linux distributions offer different ways to become root to perform these administrative tasks. The differences are not complicated to understand and there are valid reasons for each approach. In this article TUX explains these differences and how to get the job done using the various approaches.

If your system presents you with a graphical login screen (SuSE and Debian are two examples) then you would expect that logging in as root instead of your personal login would be the approach. While it can be done, it is the most dangerous approach from a security point of view.

Once you have logged in you will be running your typical graphical interface but with system-wide permissions. This means an inadvertent mistake could have systemwide consequences. For example, you could drag an important system file or program to the trash can. Without your typical user-level restrictions, the file would be removed and the system could quickly come to a grinding halt.

SuSE systems warn you that you are the root user by displaying a red background with bombs on it but this is just a warning to you to be careful. The system isn't checking your work so it is up to you not to make a mistake or you will just pay the consequences. A better solution would be to have you use your normal login for most of the work but be able to temporarily become the administrator as needed.

YAST, SuSE's graphical administration program offers a level of protection. You can start YAST from the menu and it prompts you for the root password and then keeps you within its graphical environment. Thus, you at least have the level of hand-holding that YAST offers before you can make a fatal mistake. But, besides still having the ability to make a mistake, a bug in the YAST software itself could result in system damage.

The real goal is to do the various tasks with the minimum permissions that allow the task to be performed. For geeks, Linux (and UNIX) has always had the su or substitute user command. This means that from the command line, you could become the administrator or any other user as long as you had the appropriate password. No need to log out and back in.

The most common place where this capability would be used in in building new software from source code. Typically, this is done by running three commands, ./configure, make and make install. Only the last one of these commands (make install) needs to be run as the administrator. Thus, from the command line, the user can use the su command before running make install to run only the one command as root. Not much overhead for a large amount of added security.

While this approach is a lot safer than just logging in as root, you still must remember to exit the administrator level with either exit or Control-D to get you back to your own user permissions. That means forgetting a step or just being lazy can be dangerous. A safer approach would be to require you to take action each time you want to run a command as root.

Enter the sudo command. Unlike su, sudo changes your permissions for only a single command. Once that command completes your permissions revert back to the ones you had when you logged in. Note that while sudo has additional capabilities, 99% of the time this is all you want. For the geeks out there, read the sudo man page by entering man sudo in a terminal window.

Using sudo, the build sequence described above just becomes ./configure, make and sudo make install. No other changes other than adding sudo to the third command and no need to exit to get back to your normal user permissions.

Both the Knoppix and Ubuntu/Kubuntu distributions don't include the su command nor do the have root logins. The only way to get administrator privileges at the command-line level is to use sudo. With Knoppix running from a live CD there are no user logins so sudo happens with no questions asked.

With Kubuntu, it works a bit different. When you enter the sudo command for the first time, you will be prompted for a password. What password? Yours. That is, the password you normally use to log in. This is to prevent someone walking over to an unattended system from getting root access. In order to make it more convenient to do a series of commands as root, Kubuntu remembers that you have run as root recently and doesn't require the password. But, after a short idle period, you will be asked for it again.

Hopefully this article has filled in your knowledge on how to get administrator access. The most important information in this article is, however, to always try to do as much as possible without administrator permissions. Using this approach you will find that you say "Oops!" a lot less often.

admin - Mon, 2005-08-15 08:08.
Categories:

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Sudo has its place, but ...

I have a standalone computer connected to the internet. What is the point of sudo? I would have to go in as root in order to create the list of commands that I can use via sudo.

Also if access to system altering commands are available on my password, would that not be dangerous if/when someone starts writing malware for Linux?

Now if I were a system administrator, with loads of users, and I wanted to let them have a narrow, specific list of tasks, each with their own list, then sudo makes sense. However, in a Standalone distro all it does is give a false sense of security.

davecs (not verified) - M - , 2005-09-05 06:01.

You can write malware for su

You can write malware for su and sudo, both. For instance:

sudo /some/nasty/command

or

su /some/nasty/command

BOTH will alert you and ask for password. The difference is that sudo will ask you your password, and su root's. First one is obvius and only solution for desktop machines. Users don't want to know 2 password for one account they use. On the other hand, su is great for server enviorment. That's why ubuntu will setup sudo system on 'normal', desktop, installation. But, when you do server installation, it will ask you for a root password.

IMHO, ubuntu has the best solution.

An - ymous (not verified) - M - , 2005-09-05 10:28.

That's the point!

ie someone who does not have the root password cannot mess up when using "su" as they cannot use it at all.

So I can mess up my personal system because I own it and I am "root" as well as being "me".

However someone on a multiuser system can only do what they are authorised to do.

So what's the point of sudo on a single-user system? I can see none. My normal access is just so that some remote hacker, if they succeed in getting past my firewall and the fact I'm using Linux, can't damage my system.

Actually my data is far more valuable, it takes me about 20 minutes to install PCLinuxOS from scratch. But my /home partition is vulnerable, and I must admit I am more worried about that!

davecs (not verified) - M - , 2005-09-05 17:25.

You can change the

You can change the permissions for any data that you feel needs the security. If you have important documents you can make it so that only root can have read access.

An - ymous (not verified) - Thu, 2005-09-29 18:45.

sudo vs su

Ubuntu 5.04 DOES have the su command.

An - ymous (not verified) - Fri, 2005-08-26 16:09.

Sudo and Ubuntu/Kubuntu

Ubuntu/Kubuntu have su. You just can't use it by default. You can create a root password and enable it if you want to.

By default Ubuntu/Kubuntu configures sudo to let everyone use sudo to run everything - and I mean everything. You can sudo root any program - there are no restrictions. You can even easily get to a root prompt with the command: "sudo -s -H", after which you enter your user password. At that point, you ARE root, and can do anything you want. So the Ubuntu/Kubuntu approach may be enough for typical desktop users who don't know how weak the Ubuntu/Kubuntu approach is, but anyone with any Linux savvy will quickly figure out they can do whatever they want as root.

It's still a step in the right direction. What I'd really like to see is a desktop distro that forces you to define an administrator account AND a user acount. It configures sudo to allow only the admin account to run things with sudo. And it restricts what the admin can run to system configuration/installation tools - not just *anything*. So you have a double restriction -- only an admin account can sudo, and even that account can only sudo the necessary stuff (config, install, etc.).

Obviously, it would have to provide a way to bypass all of this if you're a pro and can handle root access. But the above would be the default setup.

It wouldn't be easy to create a distro like that, and the dist-upgrade process would probably have to modify the sudo config regularly. But it would be as close to a bulletproof desktop as I can imagine - perfect for users who know enough to get themselves in trouble, but not out of trouble.

Nicholas Petreley (not verified) - M - , 2005-08-22 08:43.

sudo has additional capabilities...

      I believe a very significant use for sudo is to enable ordinary users to execute commands that normally require root privileges without knowing the root password. sudo can be configured to allow certain people or groups to execute certain commands. With proper use it is possible to create users that have much more power than normal users and much less power than root.
      If you find yourself doing a certain job over and over for other users just because they don't have root access you might consider setting the task up in sudo to allow them to do it themselves. I have used sudo to allow users to kill erroneous print jobs that they do not own.

Darryl Scroggins (not verified) - Tue, 2005-08-16 11:06.

Pre-Linux Understanding User Accounts

Aside from basic functionality, I cannot think of a more important topic that the management of various levels of privilege. In hopes that this will see further development in the Linux Distro Matrix, so I (as a pre-Linux user) can obtain a very good understanding of what might work best, I thank the author for his article and the valuable information it contains.

An - ymous (not verified) - Tue, 2005-08-16 06:50.

Never heard of 'su -c'?

I really don't understand all this buzz about sudo vs. su. If you just want to drop privileges after you have executed a command as root, you can as well run 'su -c'. In your above example, it's

su -c './install'

This is a lot safer than using sudo, since you still must know the root password.

biagio (not verified) - Tue, 2005-08-16 01:51.

su is a hammer; sudo is a scr

su is a hammer; sudo is a screwdriver. su is superior for driving nails; sudo is superior for driving screws. Neither can be said to be superior to the other on general terms. Use the appropriate tool for the appropriate job.

syberghost (not verified) - Fri, 2005-09-09 12:32.

Re: Never heard of 'su -c'?

Acutally you need to supply the password of the user currently logged in, and not the root password.

Tehmul (not verified) - Tue, 2005-08-16 05:01.

With sudo you are right. With

With sudo you are right. With 'su -c' no: you need the root password. In my opinion the latter option is much safer.

biagio (not verified) - Tue, 2005-08-16 05:37.

su -c is not safer at all if

su -c is not safer at all if you want to give a specific user, or group access to run only one command as root. You don't want to give them the root password. You setup sudo to allow them access to the relevant command.

An - ymous (not verified) - Tue, 2005-08-16 18:46.

You are missing his/her point

I believe you are missing Biagia's point: as admin, it's easier and less risky simply to use the su -c, he/she didn't mean for you to give the admin password to anyone, let alone a group.

An - ymous (not verified) - Wed, 2005-08-17 08:54.

We both know that there are o

We both know that there are other ways than using sudo and so for doing that, but we are really digressing here. The point is: the issue sudo vs. su is silly, we are all mature and we can decide for ourselves what to use. Linux is about freedom and choice. Don't take them away by blindly removing commands and possibilities, just because joe user could make a mistake if they're there. Personally I like su and (I hear you cry) I do login sometimes (when I feel it spares me time) as root. So what? In 10+ years I have never ever damaged my system. Personally I would stay clear of distribution that remove the root account in favour of sudo and similar. But this is just my opinion.

biagio (not verified) - Wed, 2005-08-17 02:02.

What's all the fuss?

What's all the fuss? If you have a distro that defaults to sudo and you want to use su instead, then just enable the password for root and go at it. For anyone reading this who doesn't know how to enable the root password, well, then you should stick with sudo.

An - ymous (not verified) - Thu, 2005-08-18 14:29.

Not entirely true

The statement about Ubuntu/Kubuntu not having the su command isn't entirely true...you can still run sudo su. Good news for those of us using Ubuntu longing for our normal root user, however unsafe it may be.

Matt (not verified) - M - , 2005-08-15 20:00.

Sudo or su in Ubuntu

a) In Ubuntu Linux you can gain "root" promt by this command
$ sudo -s
(or do: $ sudo -s -H)

Password:xxxxxxx <---- Password for the (normal) login user!
root@angela1:/home/moma #

root@angela1:/home/moma # id
uid=0(root) gid=0(root) groups=0(root)

# pwd
/home/moma <--- Not changed
----------------------------------------
.
b) By default the "root" account is disabled in Ubuntu, but you can re-open it by giving it a new password.
$ sudo passwd root
.
And "su" command should work now
$ su - root
.
# id
uid=0(root) gid=0(root) groups=0(root)
.
# pwd
/root

"-" specifies that the process environment (shell variables and $HOME) is to be set as in root login. It runs root's $HOME/.bashrc file.
------------
Or type
$ su root
This will not change the environment (shell variables or $HOME), Neither ~/bashrc is run.
----------------------------------------

Be aware that having an _active_ root account is a possible security risk.
Please read about the benefits of sudo...

So after playing with "su -", you ought to lock the root-account by typing this command: (it's l as in Locked).
$ sudo passwd -l root
Password changed.
--
Locked account has a "!" in the password field.
$ sudo cat /etc/shadow | grep root

List status
$ sudo passwd -S root
root L ..... <-- Locked

Now your master is "sudo" only ;-)
JUST DO NOT EMPLOY THE -d OPTION.

Sincerely
Moma
http://www.futuredesktop.org/AsteriskPBX.html

moma (osmo) (not verified) - Tue, 2005-08-16 12:25.

a) In Ubuntu Linux you can ga

a) In Ubuntu Linux you can gain "root" promt by this command
$ sudo -s
(or do: $ sudo -s -H)

Password:xxxxxxx <---- Password for the (normal) login user!
root@angela1:/home/moma #

root@angela1:/home/moma # id
uid=0(root) gid=0(root) groups=0(root)

# pwd
/home/moma <--- Not changed
----------------------------------------

b) By default the "root" account is disabled in Ubuntu, but you can re-open it by giving it a new password.
$ sudo passwd root

And "su" command should work now
$ su - root

# id
uid=0(root) gid=0(root) groups=0(root)

# pwd
/root

"-" specifies that the process environment (shell variables and $HOME) is to be set as in root login. It runs root's $HOME/.bashrc file.
------------
Or type
$ su root
This will not change the environment (shell variables or $HOME), Neither ~/bashrc is run.
----------------------------------------

Be aware that having an _active_ root account is a possible security risk.
Please read about the benefits of sudo...

So after playing with "su -", you ought to lock the root-account by typing this command: (it's l as in Locked).
$ sudo passwd -l root
Password changed.
--
Locked account has a "!" in the password field.
$ sudo cat /etc/shadow | grep root

List status
$ sudo passwd -S root
root L ..... <-- Locked

Now your master is "sudo" only ;-)
JUST DO NOT EMPLOY THE -d OPTION.

Sincerely
Moma
Asterisk PBX...

An - ymous (not verified) - Tue, 2005-08-16 12:30.

Root login in Ubuntu

You can enable a root log-in in Ubuntu/Kubuntu.

Have a look here:
http://ubuntuforums.org/archive/index.php/t-31053.html

Gord - (not verified) - Tue, 2005-08-16 01:37.

Security FUD

usually you don't need to run as anything other than root; if you've sat up your firewall right. then you just add libtrash to catch all those unfortunate rm -f 's
. Security is overhyped in the linux world. A knowledgeable windows->linux desktop convert just need the above to stay safe, and consequently: never has to fuss around with permissions ... Now servers, are another matter entirely :)

An - ymous (not verified) - Sun, 2005-09-04 04:32.

I know this story had been

I know this story had been told a zillion times, but I learned the hard way why I shouldn't be logged in as root unless I need to.

I once had some reason to issue rm -rf /something/something/something, but mistyped it. rm -rf / something/something/something. Notice that space.

Issued the command, and after 3 seconds, not having finished, I was wondering what was going on...

Looked up at the command I had issued, and I was shocked.

ctrl+c'd out of it as fast as I could, and luckily I was able to salvage most everything, but since then, I've never logged as root when I don't need to.

An - ymous (not verified) - Tue, 2006-01-10 00:12.

Are you joking?

Security is underhyped in the Windows world. Most of the maliscious software that Windows users are exposed to, wouldn't be harmful to the core OS if they just used something like sudo (the way Ubuntu does). Sure XP lets you set limited access accounts but having to swith between logins in windows to do administator tasks is to much of a hassle.

An - ymous (not verified) - Sat, 2005-10-01 18:51.

Say what?

I can't offer an intelligent reply to this because it makes no sense. But, I feel obligated to say that doing anything as root that you don't have to is a huge mistake.
fyl - Sun, 2005-09-04 08:33.

Unclear....

THe differance is stillunclear to me as i am still new to linux. I am still evaluating distro's. I found that using sudo -s is alot easier than mandrake su or logining in as root( AI have found no need for this). Sudo has no control structure but has ease of use as far as usage. In my opinion. su is for more expieranced users. sudo is more for beginners.

An - ymous (not verified) - Thu, 2006-04-06 04:50.