6

I have tried this on Fedora and on Ubuntu.

kshitiz@kshitiz:~$su
su: Authentication failure

kshitiz@kshitiz:~$sudo su

root@kshitiz:/home/kshitiz#

I am entering the same password in both the cases.

3 Answers

10

su requires the password of the account whose privileges you are trying to assume (apparently root in this case).

sudo requires the password of the current user - that is, the password for user kshitiz.

By running sudo su, you are effectively becoming root, then running su to get a root shell - that is, your privileges are already elevated to root before the call to su is executed, which is why you don't get prompted for the root password again.

D_Bye
1

su uses the root password, while sudo uses the current user password. At least in Ubuntu the root password is scrambled during installation.

Kotte
  • Isn't that a security loophole? Since any user in sudoers list can elevate to root what is the purpose of having a su account with scrambled password? Why doesn't setup just put the same password for su and kshitiz? – Kshitiz Sharma Mar 13 '13 at 10:42
  • @KshitizSharma: The "su" password in this case is the root password. If you are asking, "what's the purpose of the root account?", methinks the caveat against using root has gone a bit far, lol -- but that would make a good separate question. The reason you must be root to use su with no arguments is because it stands for "switch user" (not "super user") but, if you don't specify anything, the default is root. You can, however, specify anyone, e.g. "su kshitiz" -- in which case you would need kshitiz's password, not root's. Make sense? – goldilocks Mar 13 '13 at 11:52
  • @KshitizSharma, yes, it is a hole. sudo is to give selected users permissions to run some programs as root (or other users). This way those users can run any program as root. It is a bit safer than letting Joe Random switch to root to do something (and stay there!), but not much better. As configuration for personal machines it is fine, elsewhere a much more careful configuration is required. – vonbrand Mar 13 '13 at 14:01
1

In fact, you can specify in the /etc/sudoers file (use visudo) which password the user who issues sudo has to enter. If these lines

# Defaults      targetpw
# ALL   ALL = (ALL) ALL  

were uncommented, you would have to enter the root-password to run passwords with root-permissions via sudo.
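Added example, not part of the answer above: a small shell check that reads a sudoers-style file and reports whose password sudo will prompt for, based on the `targetpw` flag discussed here plus the related `rootpw` and `runaspw` flags. The function name, output labels and sample files are constructed for illustration; the precedence used when several flags are set (rootpw, then runaspw, then targetpw) is an assumption, and scoped `Defaults:user` / `Defaults@host` entries and included files are not evaluated.

```shell
#!/bin/sh
# Report whose password sudo asks for, from global "Defaults" lines only.
# Usage: sudo_password_mode /path/to/sudoers-style-file
sudo_password_mode() {
    awk '
    # Commented lines such as "# Defaults targetpw" are inactive; skip them.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # Global Defaults only; "Defaults:kshitiz ..." has a different first field.
    $1 == "Defaults" {
        line = $0
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        n = split(line, opts, ",")
        for (i = 1; i <= n; i++) {
            o = opts[i]
            gsub(/[ \t]/, "", o)
            val = 1
            # A leading "!" switches a boolean flag off again.
            if (substr(o, 1, 1) == "!") { val = 0; o = substr(o, 2) }
            if (o == "targetpw" || o == "rootpw" || o == "runaspw") flag[o] = val
        }
    }
    END {
        # Assumed precedence: rootpw, then runaspw, then targetpw.
        if (flag["rootpw"]) print "root"
        else if (flag["runaspw"]) print "runas_default"
        else if (flag["targetpw"]) print "target-user"
        else print "invoking-user"
    }' "$1"
}

# Constructed samples: the two lines quoted above, commented and then active.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Defaults      targetpw' '# ALL   ALL = (ALL) ALL' > "$d/commented"
    printf '%s\n' 'Defaults      targetpw' 'ALL   ALL = (ALL) ALL' > "$d/active"
    for f in commented active; do
        echo "$f: $(sudo_password_mode "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

With the lines commented out the check reports the invoking user (the behaviour seen in the question); with them active it reports the target user, which is root when no other user is requested.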