Skip to main content

Difference Between Su and Sudo (With Table)

 

Su vs Sudo

The main difference between Su and Sudo is that the Su command can interchange between superuser and root user if executed without prior additional options while the Sudo command provides single root privileges. Su demands the password of the root account while Sudo demands the password of the current user account.

 

 

Su stands for substitute user. It is a traditional way to acquiring root permission in Linux. It has been released in 1971. The main syntax of the command is : su[user_name] or su-[user_name]. Without the use of argument, it can switch to a superuser account of the root. It invokes the user shell while working.

While Sudo stands for substitute user do. It is used for gaining permission in administrative and executable tasks. The main syntax of the command is sudo[command]. It has the limitation of being used by users of the sudoers group. It has the potential to inhibit unwanted system-wide changes.

Comparison Table Between Su and Sudo

Parameters of comparisonSuSudo
TypeCommandPrivilege authorization
Operating SystemUnix and Unix-likeUnix-like
FunctionTo seek root permission through switching to superuser or root userTo seek root permission through a single command
AuthorDennis Ritchie and Ken ThompsonRobert Coggeshall and Cliff Spencer
DeveloperAT&T Bell LaboratoriesTodd C. Miller

What is Su?

Su is a Unix command. The full form of Su is ‘substitute user’. It was initially a part of the Version 1 Unix. It was developed by Dennis Ritchie and Ken Thompson. It was released by AT&T Laboratories on 3rd November 1971.

The job of the su command is to execute commands and provide the privilege of another account of the user. Upon execution, the su command invokes a shell and does not change the present working directory or the environment of the user.

If the command is used without initially specifying the new user id which would serve as the command line argument, the su command would use the superuser account of the system as the default setting. It would imply that as user id 0. When the command is in the run, su would ask the user for its target user’s password.

Upon authentication, the operator would grant access to the account. It would even grant permission for the files and directories in the account. The use of hyphen ( example su-), is used to begin a login shell. This mode extensively allows the users to assume the environment of the target user.

What is Sudo?

Sudo is a type of program in the operating system of Unix-like. The full form of sudo is ‘substitute user do’. In the default setting, it allows superuser. It was developed by Robert Coggeshall and Cliff Spencer. It was released by Todd C. Miller in 1980 but was officially released on 27th July 2021.

The job of the Sudo command is to allow users to run programs and provide security privileges for another user. The license is of ISC style. It is extensively used in the C language. The only limitation of the Sudo command is that it can be executed by users of the sudoer group. But adding a new user to the sudoer group is also easy.

Sudo is also used for administrative tasks. Sudo authenticates by asking for the password of the user and not of the target user. After authentication, it permits access and invokes a requested command. The configuration file plays a vital role in accessing permission, enabling commands, or during entry or re-entry of passwords.

Sudo is a single command and runs with root privileges. Unlike su, it does not switch to a root user account or ask for the root user’s credentials like a password. The advantage of using Sudo is that users need to provide and remember only one password. This also provides potential security and unwanted security-wide changes and modifications can be controlled.

Main Differences Between Su and Sudo

  1. Su authenticates by asking the password of the target user while sudo authenticates the users with their passwords.
  2. Su switches the users to the root user account and asks for the root accounts credentials while Sudo is a single command of root privileges and does not switch to the root user account.
  3. Su command has been the traditional way of seeking root privilege permissions in Linux while Sudo has gained popularity in recent times.
  4. Su command users need to create separate root and user account passwords during installation while Sudo command users only need to provide a single password.
  5. Su invokes the root shell and keeps it open during normal functioning while Sudo runs fewer commands in roots and increases security.

Conclusion

In Linux, these are the two main commands to gain root privileges and permission. The current user can gain access by providing the correct credentials. The root is the actual name given to the administrator account. Root users have the power to remove, change, alter, mount, and unmount file systems.

Linux provides switching between superuser and root user through su command and single command access through sudo. In su, the users can assume the identity of another user without changing the login or credentials while in sudo, the user does not need to change the identity. Su can be implemented in two ways: su and su-. Su keeps the original environment while su- creates a new environment for the root user.

Su is constantly switching between root user and superuser while sudo does not include any such interchange. Also, su in the root user can expose the entire system information and poses the risk of modification while Sudo grants privileged permission only for the specific command demanded and hence is safer to use.

References

  1. https://link.springer.com/chapter/10.1007/978-1-4842-5049-5_11
  2. https://link.springer.com/chapter/10.1007/978-3-030-78120-0_13

Comments

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...