Linux has several commands and ways to gain root privileges. Each command and function works and invokes differently. Every Linux command distributes in a particular way using the configuration set by default. The two commonly used commands to have root permission in Linux are Su and Sudo.
Su vs Sudo
The main difference between Su and Sudo is that the Su command can interchange between superuser and root user if executed without prior additional options while the Sudo command provides single root privileges. Su demands the password of the root account while Sudo demands the password of the current user account.
Su stands for substitute user. It is a traditional way to acquiring root permission in Linux. It has been released in 1971. The main syntax of the command is : su[user_name] or su-[user_name]. Without the use of argument, it can switch to a superuser account of the root. It invokes the user shell while working.
While Sudo stands for substitute user do. It is used for gaining permission in administrative and executable tasks. The main syntax of the command is sudo[command]. It has the limitation of being used by users of the sudoers group. It has the potential to inhibit unwanted system-wide changes.
Comparison Table Between Su and Sudo
| Parameters of comparison | Su | Sudo |
| Type | Command | Privilege authorization |
| Operating System | Unix and Unix-like | Unix-like |
| Function | To seek root permission through switching to superuser or root user | To seek root permission through a single command |
| Author | Dennis Ritchie and Ken Thompson | Robert Coggeshall and Cliff Spencer |
| Developer | AT&T Bell Laboratories | Todd C. Miller |
What is Su?
Su is a Unix command. The full form of Su is ‘substitute user’. It was initially a part of the Version 1 Unix. It was developed by Dennis Ritchie and Ken Thompson. It was released by AT&T Laboratories on 3rd November 1971.
The job of the su command is to execute commands and provide the privilege of another account of the user. Upon execution, the su command invokes a shell and does not change the present working directory or the environment of the user.
If the command is used without initially specifying the new user id which would serve as the command line argument, the su command would use the superuser account of the system as the default setting. It would imply that as user id 0. When the command is in the run, su would ask the user for its target user’s password.
Upon authentication, the operator would grant access to the account. It would even grant permission for the files and directories in the account. The use of hyphen ( example su-), is used to begin a login shell. This mode extensively allows the users to assume the environment of the target user.
What is Sudo?
Sudo is a type of program in the operating system of Unix-like. The full form of sudo is ‘substitute user do’. In the default setting, it allows superuser. It was developed by Robert Coggeshall and Cliff Spencer. It was released by Todd C. Miller in 1980 but was officially released on 27th July 2021.
The job of the Sudo command is to allow users to run programs and provide security privileges for another user. The license is of ISC style. It is extensively used in the C language. The only limitation of the Sudo command is that it can be executed by users of the sudoer group. But adding a new user to the sudoer group is also easy.
Sudo is also used for administrative tasks. Sudo authenticates by asking for the password of the user and not of the target user. After authentication, it permits access and invokes a requested command. The configuration file plays a vital role in accessing permission, enabling commands, or during entry or re-entry of passwords.
Sudo is a single command and runs with root privileges. Unlike su, it does not switch to a root user account or ask for the root user’s credentials like a password. The advantage of using Sudo is that users need to provide and remember only one password. This also provides potential security and unwanted security-wide changes and modifications can be controlled.
Main Differences Between Su and Sudo
- Su authenticates by asking the password of the target user while sudo authenticates the users with their passwords.
- Su switches the users to the root user account and asks for the root accounts credentials while Sudo is a single command of root privileges and does not switch to the root user account.
- Su command has been the traditional way of seeking root privilege permissions in Linux while Sudo has gained popularity in recent times.
- Su command users need to create separate root and user account passwords during installation while Sudo command users only need to provide a single password.
- Su invokes the root shell and keeps it open during normal functioning while Sudo runs fewer commands in roots and increases security.
Conclusion
In Linux, these are the two main commands to gain root privileges and permission. The current user can gain access by providing the correct credentials. The root is the actual name given to the administrator account. Root users have the power to remove, change, alter, mount, and unmount file systems.
Linux provides switching between superuser and root user through su command and single command access through sudo. In su, the users can assume the identity of another user without changing the login or credentials while in sudo, the user does not need to change the identity. Su can be implemented in two ways: su and su-. Su keeps the original environment while su- creates a new environment for the root user.
Su is constantly switching between root user and superuser while sudo does not include any such interchange. Also, su in the root user can expose the entire system information and poses the risk of modification while Sudo grants privileged permission only for the specific command demanded and hence is safer to use.
References
- https://link.springer.com/chapter/10.1007/978-1-4842-5049-5_11
- https://link.springer.com/chapter/10.1007/978-3-030-78120-0_13