12

I am able to run anything using sudo; my password is accepted. But whenever I try to do su from a shell, it fails with:

su: incorrect password

What can the problem be?

Michael Mrozek
  • 93,103
  • 40
  • 240
  • 233
Lazer
  • 35,307

2 Answers2

22

su means substitute user and if it is called without any arguments you will become the superuser. Therefore you have to enter the root password.

This is some kind of unhandy if many people need to use commands for the system administration or similar stuff with extended user rights. You just don't want that people have unlimited rights by sharing all the same root password.

The solution for this kind of problems is sudo ("substitute user do"). This will allow you to specify the commands someone can invoke and define the permissions. For sudo you don't have to enter the root password, but the password of the user who tries to invoke a sudo command.

Some distributions have the root user disabled for security reasons. This could be one explanation why you aren't able to use su. In that case, to obtain a shell with root privileges use sudo -s ;-)

Stéphane Gimenez
  • 28,907
echox
  • 18,103
  • 5
    It is recommended to do that last bit as sudo su - where the dash means set the environment according the the user's (in this case root's) login profile. This usually affords a slight increase in PATH security but still doesn't protect against echo hi > /dev/my_critical_filesystem – msw Sep 07 '10 at 17:44
  • aaah forgot this one :-) thx for the addition! – echox Sep 07 '10 at 18:13
  • @echox: Then, is there any difference between $ script and $ sudo script? The user is the same in both the cases. – Lazer Sep 07 '10 at 19:42
  • sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. - from man sudo. Usually the script will be invoked with root privileges. That is the difference. – echox Sep 07 '10 at 20:52
  • I dont like "su -" as it changes my cwd. – Chris Sep 07 '10 at 23:15
  • 1
    @Chris: unfortunately, that's required if you want to inherit the entire root user environment, including its PATH. Incidentally, I just found out that "sudo -s", which I commented on above but have now removed, is more equivalent to "sudo su", without the dash: no change to CWD, no change to PATH. – Warren Young Sep 08 '10 at 10:18
7

The su command without options, will default to allow you to become the root user. It isn't asking for your password, but the root password.

The sudo command always asks for your password.

Matthew Brannigan
  • 301
  • 2
    as a side note, if you use Ubuntu, by default has the root password locked, so you may not know the root password https://help.ubuntu.com/community/RootSudo – phunehehe Sep 07 '10 at 15:12
  • 3
    "The sudo command always asks for your password." Actually that's configurable. It may also be configured to ask for the root password or the password of the target user (or for no password at all). – sepp2k Sep 08 '10 at 09:33