Shulou(Shulou.com)06/01 Report--

Today, I would like to share with you the relevant knowledge points about the difference between Linux's su and sudo commands. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article.

The main purpose of the Linux su command su command is to allow you to switch to another user in a logged-in session. In other words, this tool allows you to log in as another user without logging out of the current user.

The su command is often used to switch to a superuser or root user (because working from the command line often requires root privileges), but-as mentioned earlier-the su command can also be used to switch to any non-root user.

How to use the su command to switch to the root user, as follows:

Su commands without command line arguments

As mentioned above, the su command requires that the password entered is the password of the root user. Therefore, the general su command requires you to enter the password of the target user. After entering the correct password, the su command opens a subsession in the current session of the terminal.

Su-there is another way to switch to the root user: run the su-command, as follows:

Su-Command

So what's the difference between the su command and the su-command? The former still maintains the old (or original user's) environment after switching to the root user, while the latter creates a new environment (the environment set by the root user ~ /. Bashrc file), which is equivalent to logging in normally using the root user (login from the login screen).

The su command man page clearly illustrates this:

Optional parameters-the environment that can be provided is the environment in which the user logs in directly.

Therefore, you will find it more meaningful to use su-login. However, the su command is also useful, so you may want to know when it is used. The following is from the ArchLinux wiki website-about the pros and cons of the su command:

Sometimes it is better for system administrators (root) to use the Shell accounts of other ordinary users rather than their own root Shell accounts. Especially when dealing with user problems, the most effective way is to log in to the target user in order to reproduce and debug the problem.

However, in most cases, when switching from an ordinary user to a root user, it is undesirable or even dangerous to use the environment variables of the average user. Because you are inadvertently switching between environments that use ordinary users, when using root users for program installation or system changes, it will produce results that are not consistent with normal operations using root users. For example, the average user installer will give the average user the ability to accidentally damage the system or gain unauthorized access to certain data.

Note: if you want to pass more arguments after su-command, you must use su-l instead of su -. The following is a description of the-and-l command line options:

-`,`-l`, `- login provides the environment that users expect when logging in directly.

When using -, you must place it on the last option of the su command. The other options (- l and-- login) do not have this restriction.

Su-c also has a su command line option worth mentioning:-c. This option allows you to provide commands to run after switching to the target user.

The su command man page states as follows:

-c`, `--command COMMAND uses the-c option to specify the commands to be called by Shell.

The executed command cannot control the terminal. Therefore, this option cannot be used to execute interactive programs that need to control TTY.

Reference example:

In the su [target-user]-c [command-to-run] example, the command-to-run would be executed as follows:

The shell type in the [shell]-c [command-to-run] example will be replaced by the login shell type defined by the target user in the / etc/passwd file.

Sudo vs. Su now that we have discussed the basics of the su command, it is time to explore the difference between the sudo and su commands.

The biggest difference between the two commands about passwords is that the sudo command requires the password of the current user, and the su command requires the password of the root user.

Obviously, the sudo command is better in terms of security. For example, consider computers that are used by multiple users that require root access. In this case, using su means sharing the root user password with other users, which is obviously not a good habit.

In addition, if you want to revoke superuser / root access for a particular user, the only way is to change the root password and then inform all other users of the new root password.

Using the sudo command is different, and you can handle the above two situations very well. Since the sudo command requires you to enter another user's own password, there is no need to share the root password. At the same time, to prevent specific users from accessing root permissions, you only need to adjust the appropriate configuration in the sudoers file.

Default behavior another difference between the two commands is their default behavior. The sudo command only allows you to run a single command with elevated privileges, while the su command starts a new shell and allows you to run as many commands as possible with root privileges until you explicitly log out.

Therefore, the default behavior of the su command is risky because users are likely to forget that they are working as the root user and inadvertently make some irreversible changes (such as running the rm-rf command on the wrong directory! ). For more information on why you are not encouraged to work as a root user, please refer to here.

Logging although sudo commands execute commands as the target user (the root user by default), they use the user name configured by sudoer to record who executed the command. The su command cannot directly track what the user does after switching to the root user.

Flexibility the sudo command is much more flexible than the su command, because you can even limit which commands sudo users can access. In other words, users can only access the commands they need to work through the sudo command. The su command gives the user permission to do anything.

Sudo su is probably due to the risk of using the su command or logging in directly as the root user, so some Linux distributions (such as Ubuntu) disable the root user account by default. Users are encouraged to use the sudo command when root permissions are needed.

However, you can still successfully execute the su command without entering the password of the root user. Run the following command:

Sudo su because you use sudo to run commands, you only need to enter the password of the current user. So, once the operation is complete, the su command will be run as root, which means it will no longer ask for any passwords.

PS: if you want to enable the root user account on the system (strongly opposed because you can use the sudo command or the sudo su command), you must manually set the root user password, you can use the following command:

Sudo passwd root above is all the content of this article entitled "what's the difference between Linux's su and sudo commands?" Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.