Difference between sudo, su and su- in Linux

In Linux systems, because root is too large, it is often not used. Only in special cases can root be used to perform administrative tasks.In general, the su and sudo commands are often used to temporarily use root privileges.

The su command is a tool for converting users. For example, you are logged in as a normal user, but to add tasks to the user you do not have enough authority and this permission is exactly owned by root.

There are 2 solutions: One is to log out of the current user and log in again as the root user. Second, there is no need to exit the current user but use su to switch to root and add the user.

Converting to su is obviously better. But note that the average user needs password authentication in order to make the switch to any other user.

sudo, su, and su- have usage differences in Linux

The sudo command

Sudo is a permissions management mechanism, which depends on / etc / sudoers , which determines which users are allowed to execute what kind of management commands. The command format is:

sudo -u username command

By default, only the root user can execute the sudo command. The root user needs to edit the sudo / etc / sudoers configuration file using the visudo command to allow other ordinary users to execute the sudo command.

Sudo runs as follows:

1) When the user runs sudo, the system will look in the / etc / sudoers file to see if the user has the right to run sudo or not.

2) If the user has permission to run sudo, then the next thing to do is to enter the user's password.

3) Assume the password is correct. Start the command after sudo, you no longer need to enter the password to run sudo as root.

How to set an initial su password?

As you type su, you will see that the password is required. If trying to enter the password of the current user, an error will appear. But you don't know what su password is? Actually, the initial su password can be set in the following way:

sudo passwd

After the setup is complete, just enter the su command and type in the password you just set.

Order su

Su stands for switch user. With su, you can switch any user. Generally speaking, just use su-username and enter a password, but root doesn't need to enter the password when switching to an identity other than su.

There are 2 formats:

su -l username
 su username

-l stands for login.

If you don't specify a username, then root is considered the default option, so the command to switch to root is: su -root or su-, su root or su.

su username is different from su-username as follows:

su-username after switching users, also switching to the new user's work environment. After su username changes the user, the original user's working directory and the other environment variable directories remain unchanged.

Command su-

When the su-, su -l or su --login command changes its identity, the working directory, home, shell, user, and logname also changes. Also, the variable path has been changed. The use of the su- command will be converted to the root user by default.

The su- command without a parameter does not change the current working directory, as well as home, shell, user, logname. It only has root access.

Note : su- use root's password and sudo uses the user's password.

See more:

How to reset password for sudo in Debian
The reason and how to edit sudoers file in Linux
How to use sudo without password in Linux
How to check sudo history in Linux
Linux SUDO error allows to run commands as root