su - user Vs sudo su - user
Solution 1
Just repeating both @dr01 and @OneK's answers because they are both missing some fine details:
su - username
- Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if its the same as the current user).sudo su - username
will do the same, but first ask the system to be elevated to super user mode, after whichsu
will not ask for "username"'s password because a super user is allowed to change into any other user without knowing their password. That being said,sudo
in itself enforces security by by checking the/etc/sudoers
file to make sure the current user is allowed to gain super user permissions,and possibly verifying the current user's password.
I would also like to comment that to gain a super user login session, please use sudo -i
(or sudo -s
) as sudo su -
is just silly: its asking sudo
to give super user permissions to su
so that su
can start a login shell for the super user - when sudo
can achieve the same result better it by itself.
Solution 2
Having superuser rights, sudo su - username
will log you in (in a login shell) as $username
without asking for a password, while su - username
will ask for the password of $username
.
Solution 3
sudo su - username
does the same as su - username
: runs a login shell as username
.
su - username
run as root and sudo su - username
do not require to know username's password (as they are run with elevated privileges), while su - username
run as a normal user requires to know it.
Related videos on Youtube
overexchange
Updated on September 18, 2022Comments
-
overexchange almost 2 years
sudo su -
will elevate any user(sudoer) withroot
privilege.su - anotheruser
will switch to user environment of the target user, with target user privilegesWhat does
sudo su - username
mean? -
overexchange almost 6 yearsFor a user(
user1
) to run with appropriate sudo rights, What are the changes required for achieving this sudo rights? -
dr_ almost 6 yearsSudo rights are defined in
/etc/sudoers
-
overexchange almost 6 yearsWe would not require password in former case unlike latter case
-
overexchange almost 6 yearsfor your point: "can only be run by the superuser" If current user has passwd, then you would not need to be superuser.. Isn't it?
-
overexchange almost 6 yearsNo need to be super user to
su - username
, if you know the passwd -
OneK almost 6 yearsFrom my understanding that is what I answered? You don't need to be superuser to
su
, but being super user, it won't ask you for a password of the user you want to become.Edit: after your edit, @overexchange, it makes more sense to me. -
overexchange almost 6 yearsDoes that mean...
sudo
is used to just give privilege as sudoer without a need of passwd? or something more than that... -
OneK almost 6 years
sudo
will execute the command that follows as the user with elevated rights. Hence, you might as well change the password for the$username
, so you can become the user as well without being asked for a password. -
overexchange almost 6 yearsAs a sudoer...switching to target user without a passwd, but still getting elevated rights of that target user....
-
dr_ almost 6 yearsApologies, what I wrote was wrong. Caffeine abstinence probably... I corrected my answer.
-
overexchange almost 6 yearsSo.. what should be the entry in
/etc/sudoers
file? forsudo su - foo
working... -
Motivated over 5 years@Guss - What are the differences between sudo -i and sudo -s and why choose one over another? Secondly, why use sudo -i for example when there is the option to use su -?
-
Guillaume Boudreau over 5 years@Motivated:
-i
is a "login shell", while-s
is an "interactive shell". There's a very delicate difference between the two which is mostly shell implementation dependant and has to do with initialization sequence and which setting files are loaded. Read your shell's manual page for exact details, but its also a good idea to consultman sudo
. -
Guillaume Boudreau over 5 yearsSecondly:
sudo -i
andsu -
do the same thing (su -
is equivalent tosu --login
), using different authorization mechanism:su
verifies the password for theroot
account, whilesudo
verifies the password for your current user account and also verifies that your current user account is allowed to run administrative operations according to the/etc/sudoers
policy. This is the reasonsudo
is prefered: it doesn't require your system to have aroot
password (which is considered insecure) and usage is subject to a finer grained security policy. -
Motivated over 5 years@Guss - Thanks. In reading the man page it isn't clear as to the selecting the appropriate command. For example, when should
sudo -i
andsudo -s
be used? -
Guillaume Boudreau over 5 yearsI recommend only using
sudo -i
as it behaves likesu -
that everyone knows (and loves >:-( ), so there'd be fewer surprises. If your root shell is Bash, then the difference between-i
and-s
is that-i
causes the profile file to be loaded while-s
will cause the.bashrc
file to be loaded (it is usually also loaded from the profile file) - so if you know there are settings in the profile file you'd like to skip, use-s
. Otherwise, stick with-i
.