- What’s the Difference Between Sudo and Su in Linux?
- The key difference between sudo and su is sudo runs a command as root, whereas su makes you root. Much like other command line utilities there are a number of alternative ways to use both sudo and su , if you're interested you can always run man
eg. man sudo to get more information..
- Linux System is much secured than any of its counterpart. One of the way to implement security in Linux is the user management policy and user permission. normal users are not authorized to perform any system operations.If a normal user needs to perform any system wide changes he needs to use either ‘su‘ or ‘sudo‘ command.
‘su’ Vs ‘sudo’
- ‘su‘ forces you to share your root password to other users whereas ‘sudo‘ makes it possible to execute system commands without root password. ‘sudo‘ lets you use your own password to execute system commands i.e., delegates system responsibility without root password.
- ‘sudo‘ is a root binary setuid, which executes root commands on behalf of authorized users and the users need to enter their own password to execute system command followed by ‘sudo‘.
- We can run ‘/usr/sbin/visudo‘ to add/remove the list of users who can execute ‘sudo‘.
- The sudo list looks like the below string, by default:
- root ALL=(ALL) ALLNote: You must be root to edit /usr/sbin/visudo file.
- Editing ‘/usr/sbin/visudo’ file to something like the below pattern may really be very dangerous, unless you believe all the listed users completely.
- root ALL=(ALL) ALLadam ALL=(ALL) ALLtom ALL=(ALL) ALLmark ALL=(ALL) ALLParameters of sudo
- The Syntax of configured ‘sudo‘ line is:
The above Syntax can be divided into four parts:
Some of the Situations, and their corresponding ‘sudo‘ line:
- User_name: This is the name of ‘sudo‘ user.
- Machine_name: This is the host name, in which ‘sudo‘ command is valid. Useful when you have lots of host machines.
- (Effective_user): The ‘Effective user’ that are allowed to execute the commands. This column lets you allows users to execute System Commands.Command: command or a set of commands which user may run.
Some of the Situations, and their corresponding ‘sudo‘ line:
mark beta.database_server.com=(ALL) ALLQ2.
You have a user ‘tom‘ which is supposed to execute system command as user other than root on the same Database Server, above Explained.For the above situation the ‘sudo‘ line can be written as:
mark beta.database_server.com=(tom) ALLQ3.
You have a sudo user ‘cat‘ which is supposed to run command ‘dog‘ only.
To implement the above situation, we can write ‘sudo’ as:
To implement the above situation, we can write ‘sudo’ as:
mark beta.database_server.com=(cat) dogQ4.
- What if the user needs to be granted several commands?
If the number of commands, user is supposed to run is under 10, we can place all the commands alongside, with white space in between them, as shown below:
mark beta.database_server.com=(cat) /usr/bin/command1 /usr/sbin/command2 /usr/sbin/command3 ...
If this list of command varies to the range, where it is literally not possible to type each command manually we need to use aliases. Aliases! Yeah the Linux utility where a long-lengthy command or a list of command can be referred as a small and easy keyword.
A few alias Examples, which can be used in place of entry in ‘sudo‘ configuration file.
User_Alias ADMINS=tom,jerry,adamuser_Alias WEBMASTER=henry,markWEBMASTERS WEBSERVERS=(www) APACHECmnd_Alias PROC=/bin/kill,/bin/killall, /usr/bin/top
A few alias Examples, which can be used in place of entry in ‘sudo‘ configuration file.
User_Alias ADMINS=tom,jerry,adamuser_Alias WEBMASTER=henry,markWEBMASTERS WEBSERVERS=(www) APACHECmnd_Alias PROC=/bin/kill,/bin/killall, /usr/bin/top
It is possible to specify a System Groups, in place of users, that belongs to that group just suffixing ‘%’ as below:
%apacheadmin WEBSERVERS=(www) APACHEQ5.
- How about executing a ‘sudo‘ command without entering password?
We can execute a ‘sudo‘ command without entering password by using ‘NOPASSWD‘ flag.
adam ALL=(ALL) NOPASSWD: PROCS
Here the user ‘adam‘ can execute all the commands aliased under “PROCS”, without entering password.
“sudo” provides you a robust and safe environment with loads of flexibility as compared to ‘su‘. Moreover “sudo” configuration is easy. Some Linux distributions have “sudo” enabled by default while most of the distros of today needs you to enable it as a Security Measure.
“sudo” provides you a robust and safe environment with loads of flexibility as compared to ‘su‘. Moreover “sudo” configuration is easy. Some Linux distributions have “sudo” enabled by default while most of the distros of today needs you to enable it as a Security Measure.
- To add an user (bob) to sudo just run the below command as root.