9

I see a lot of posts out there that say you type in sudo su to get an interactive prompt with root privileges, and I see equally many posts debating the pros and cons over sudo -i vs sudo su.

Here I'm sitting scratching my head over why people don't just write su... After all su is short for subsitute user and switches to root by default, so is there really any need at all to write sudo su?

chaos
  • 48,171
Electric Coffee
  • 373

5 Answers5

8

If you can use simply su, you should.

But, in most modern (desktop-) Linux distributions (for example Ubuntu) the root user is disabled and has no password set. Therefore you cannot switch to the root user with su (you can try). You have to call sudo with root privileges: sudo su.

chaos
  • 48,171
  • I guess this is enabled on ubuntu servers.. because I can do it just fine on mine – Electric Coffee Aug 25 '15 at 20:37
  • 1
    @ElectricCoffee I don't know the ubuntu server version, but in the desktop version it's disabled. – chaos Aug 25 '15 at 20:39
  • 2
    -1 for "If you can simply use su, you should"; this is subjective at best, and bad advice at worst. Ideally, the use of sudo instead of su allows significantly more control over what a user is able to do with elevated privileges; and su without an extra dash is generally bad practice as it preserves the environment. – Rob Dec 31 '15 at 20:55
  • 1
    "If you can use simply su, you should." why ???? – binarym Nov 04 '19 at 10:14
  • @binarym see https://unix.stackexchange.com/a/218175/52727 – chaos Nov 04 '19 at 10:29
1

sudo su, sudo -i and all other sudo requires the users password.

su requires the root password.

ctrl-alt-delor
  • 27,993
  • wouldn't that make sudo su highly unsafe compared to simply using su? – Electric Coffee Aug 25 '15 at 21:40
  • @ElectricCoffee Both are unsafe: Having a root shell is unsafe; One slip of the fingers can cause a lot of damage. sudo is more secure that su, as sudo uses users password (note only those with appropriate privileges can use sudo), therefore we do not have to distribute a new root password every time someone leaves the group. – ctrl-alt-delor Aug 26 '15 at 07:14
  • Related: Why doesn't the sudo command need the root password? – G-Man Says 'Reinstate Monica' Aug 26 '15 at 19:31
  • 1
    @ElectricCoffee: Someone who has a sudo rule to run "su" with no password (or with their own password) has been explicitly given that permission by the sudoers configuration. The argument would be that a user's password is more secure than a shared root password. The same complexity rules can be enforced in both cases, but with each user having their own password, rotation does not require communicating the password out to those who need that password. One could use the rootpw or targetpw option on a sudo rule if one really wanted to retain classic su behavior with sudo's benefits. – dannysauer Aug 31 '15 at 17:52
1

Both programs are suid root. There is no reason to ever type sudo su except for the situation where one is unfamiliar with the -i and -E options to sudo, or otherwise in the habit of doing things as root without understanding why they're done. The su commands passes through a few hard-coded environment vars (or, on recent Linux, can use -p to pass through the entire environment), while sudo can control exactly which variables pass through (try $DISPLAY for a useful example). The su command can only prompt for the target user's password (assuming a default pam stack), while sudo can be configured to authenticate as the source or target user, or neither, or always root - and can do so per command. The su command resets $HOME, while sudo can decide based on the ruleset available. And that's one more forked process that doesn't need to exist. Meanwhile, sudo logs the commands that it runs, so as long as you're not just doing sudo -i or otherwise launching a shell, you can get a way better audit trail with sudo. When you run a command using sudo, it removes both . and empty elements in $PATH and then checks those last if they were present, preventing people from sticking a shell script named "ls" in /tmp and similar shenanigans. :)

Basically, sudo su is like nailing one hand behind sudo's back and gaining nothing. :)

dannysauer
  • 1,269
0

On some systems, su to root is not enabled for normal users, so sudo su is required.

Klaatu von Schlacker
  • 3,068
  • it's worked just fine on all the systems I've tested it on.. Linux and BSD alike, hence the confusion – Electric Coffee Aug 25 '15 at 20:33
  • Why sudo su and not sudo -i? – Chris Davies Aug 25 '15 at 21:00
  • @roaima sudo -i does not inherit the root PATH. Try echo $PATH and then sudo -i echo $PATH, then do sudo -i and once at a root prompt, do echo $PATH. – Klaatu von Schlacker Aug 25 '15 at 22:03
  • 1
    @Klaatu but sudo -i echo $PATH is evaluating $PATH in the user's context, not root's. – Chris Davies Aug 25 '15 at 22:25
  • [user@host] /home/user$ sh -c 'echo $PATH' /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/quest/bin:/usr/local/sec:/var/cfengine/bin [user@host] /home/user$ sudo -i sh -c 'echo $PATH' /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/quest/bin:/usr/local/sec:/var/cfengine/bin:/var/cfengine/bin:/root/bin – dannysauer Aug 31 '15 at 17:45
0

The main difference between these commands is in the way they restrict access to their functions.

su (which means "substitute user" or "switch user") - does exactly that, it starts another shell instance with privileges of the target user. To ensure you have the rights to do that, it asks you for the password of the target user. So, to become root, you need to know root password. If there are several users on your machine who need to run commands as root, they all need to know root password - note that it'll be the same password. If you need to revoke admin permissions from one of the users, you need to change root password and tell it only to those people who need to keep access - messy.

sudo (hmm... what's the mnemonic? Super-User-DO?) is completely different. It uses a config file (/etc/sudoers) which lists which users have rights to specific actions (run commands as root, etc.) When invoked, it asks for the password of the user who started it - to ensure the person at the terminal is really the same "joe" who's listed in /etc/sudoers. To revoke admin privileges from a person, you just need to edit the config file (or remove the user from a group which is listed in that config). This results in much cleaner management of privileges.

As a result of this, in many Debian-based systems root user has no password set - i.e. it's not possible to login as root directly.

Also, /etc/sudoers allows to specify some additional options - i.e. user X is only able to run program Y etc.

The often-used sudo su combination works as follows: first sudo asks you for your password, and, if you're allowed to do so, invokes the next command (su) as a super-user. Because su is invoked by root, it does not require you to enter the target user's password. So, sudo su allows you to open a shell as another user (including root), if you're allowed super-user access by the /etc/sudoers file.

Devender Goyal
  • 109