su - user Vs sudo su - user
32,156
Solution 1
Just repeating both @dr01 and @OneK's answers because they are both missing some fine details:
su - username- Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if its the same as the current user).sudo su - usernamewill do the same, but first ask the system to be elevated to super user mode, after whichsuwill not ask for "username"'s password because a super user is allowed to change into any other user without knowing their password. That being said,sudoin itself enforces security by by checking the/etc/sudoersfile to make sure the current user is allowed to gain super user permissions,and possibly verifying the current user's password.
I would also like to comment that to gain a super user login session, please use sudo -i (or sudo -s) as sudo su - is just silly: its asking sudo to give super user permissions to su so that su can start a login shell for the super user - when sudo can achieve the same result better it by itself.
Solution 2
Having superuser rights, sudo su - username will log you in (in a login shell) as $username without asking for a password, while su - username will ask for the password of $username.
Solution 3
sudo su - username does the same as su - username: runs a login shell as username.
su - username run as root and sudo su - username do not require to know username's password (as they are run with elevated privileges), while su - username run as a normal user requires to know it.
Related videos on Youtube
09 : 03
How to use sudo and su command (linux tutorial)
05 : 45
How to use sudo su root | sudo no password | visudo
09 : 43
Difference between SU and SUDO command
03 : 19
Difference between "sudo" and "su" command in Linux
08 : 51
How to Escalate Permissions on Linux with Sudo, Su
Author by
overexchange
Updated on September 18, 2022Comments
-
overexchange almost 2 years
sudo su -will elevate any user(sudoer) withrootprivilege.su - anotheruserwill switch to user environment of the target user, with target user privilegesWhat does
sudo su - usernamemean? -
overexchange almost 6 yearsFor a user(
user1) to run with appropriate sudo rights, What are the changes required for achieving this sudo rights? -
dr_ almost 6 yearsSudo rights are defined in/etc/sudoers -
overexchange almost 6 yearsWe would not require password in former case unlike latter case
-
overexchange almost 6 yearsfor your point: "can only be run by the superuser" If current user has passwd, then you would not need to be superuser.. Isn't it?
-
overexchange almost 6 yearsNo need to be super user to
su - username, if you know the passwd -
OneK almost 6 yearsFrom my understanding that is what I answered? You don't need to be superuser to
su, but being super user, it won't ask you for a password of the user you want to become.Edit: after your edit, @overexchange, it makes more sense to me. -
overexchange almost 6 yearsDoes that mean...
sudois used to just give privilege as sudoer without a need of passwd? or something more than that... -
OneK almost 6 years
sudowill execute the command that follows as the user with elevated rights. Hence, you might as well change the password for the$username, so you can become the user as well without being asked for a password. -
overexchange almost 6 yearsAs a sudoer...switching to target user without a passwd, but still getting elevated rights of that target user....
-
dr_ almost 6 yearsApologies, what I wrote was wrong. Caffeine abstinence probably... I corrected my answer.
-
overexchange almost 6 yearsSo.. what should be the entry in
/etc/sudoersfile? forsudo su - fooworking... -
Motivated over 5 years@Guss - What are the differences between sudo -i and sudo -s and why choose one over another? Secondly, why use sudo -i for example when there is the option to use su -?
-
Guillaume Boudreau over 5 years@Motivated:
-iis a "login shell", while-sis an "interactive shell". There's a very delicate difference between the two which is mostly shell implementation dependant and has to do with initialization sequence and which setting files are loaded. Read your shell's manual page for exact details, but its also a good idea to consultman sudo. -
Guillaume Boudreau over 5 yearsSecondly:
sudo -iandsu -do the same thing (su -is equivalent tosu --login), using different authorization mechanism:suverifies the password for therootaccount, whilesudoverifies the password for your current user account and also verifies that your current user account is allowed to run administrative operations according to the/etc/sudoerspolicy. This is the reasonsudois prefered: it doesn't require your system to have arootpassword (which is considered insecure) and usage is subject to a finer grained security policy. -
Motivated over 5 years@Guss - Thanks. In reading the man page it isn't clear as to the selecting the appropriate command. For example, when should
sudo -iandsudo -sbe used? -
Guillaume Boudreau over 5 yearsI recommend only using
sudo -ias it behaves likesu -that everyone knows (and loves >:-( ), so there'd be fewer surprises. If your root shell is Bash, then the difference between-iand-sis that-icauses the profile file to be loaded while-swill cause the.bashrcfile to be loaded (it is usually also loaded from the profile file) - so if you know there are settings in the profile file you'd like to skip, use-s. Otherwise, stick with-i.
