Why does sudo su work, but su does not?
Solution 1
su
requires the password of the account whose privileges you are trying to assume (apparently root
in this case).
sudo
requires the password of the current user - that is, the password for user kshitiz
.
By running sudo su
, you are effectively becoming root
, then running su
to get a root shell - that is, your privileges are already elevated to root
before the call to su
is executed, which is why you don't get prompted for the root password again.
Solution 2
su
uses the root password, while sudo
uses the current user password. At least in Ubuntu the root password is scrambled during installation.
Solution 3
In fact, you can specify in the /etc/sudoers
file (use visudo
) which password the user who issues sudo
has to enter. If these lines
# Defaults targetpw
# ALL ALL = (ALL) ALL
were uncommented, you would have to enter the root-password to run passwords with root-permissions via sudo
.
Related videos on Youtube
Benny Abramovici
Developer who enjoys sharing knowledge. https://ksharma.dev Open source projects: Github
Updated on September 18, 2022Comments
-
Benny Abramovici over 1 year
I have tried this on
Fedora
and onUbuntu
.kshitiz@kshitiz:~$su su: Authentication failure kshitiz@kshitiz:~$sudo su root@kshitiz:/home/kshitiz#
I am entering the same password in both the cases.
-
Benny Abramovici about 11 yearsIsn't that a security loophole? Since any user in sudoers list can elevate to root what is the purpose of having a su account with scrambled password? Why doesn't setup just put the same password for su and kshitiz?
-
goldilocks about 11 years@KshitizSharma : The "su" password in this case is the root password. If you are asking, "what's the purpose of the root account?", methinks the caveat against using root has gone a bit far, lol -- but that would make a good separate question. The reason you must be root to use
su
with no arguments is because it stands for "switch user" (not "super user") but, if you don't specify anything, the default is root. You can, however, specify anyone, eg. "su kshitiz" -- in which case you would need kshitiz's password, not root's. Make sense? -
vonbrand about 11 years@KshitizSharma, yes, it is a hole.
sudo
is to give selected users permissions to run some programs as root (or other users). This way those users can run any program as root. It is a bit safer than letting Joe Random switch to root to do something (and stay there!), but not much better. As configuration for personal machines it is fine, elsewhere a much more careful configuration is required.