Pages

What Is The Difference Between "su" and "sudo" Commands In Linux?

The "sudo" was implemented on major Linux distributions (including Ubuntu and Fedora) few years ago. Although the history of sudo goes back as long as 1980's, but until recently it's usage was somewhat, limited. So, please be kind enough to let me give you a basic understanding "of" and for what the name "sudo" exists for :).

Funny but it's true tough :(...

The "su" part stands for "substitute user" and the "do" part represents the notion of running a command using another user's privileges, which is in this case, the Root. Root in both Unix and GNU Linux is the single most powerful user (originally accessed via the "su" command). There is nothing the Root user can't do in Linux (including the complete deletion of the system partition as well :( ).

So, when set-up, "sudo" let normal users to run programs that require administrative privileges without having to log in or become the dangerous "Root/su" user.  

Here is an example of how this can be used (a demonstration of running nautilus with Root user privileges by a normal user, using the "sudo" command),

sudo nautilus

As anyone can see, that was the problem with the "Root" user. If you don't know what you're doing... then the Root can do some heavy damages. So let's have a look at few of the disadvantages which gave birth to the "sudo".

*. Dangerous - I don't think you need any more info on this one as I said before, if you can't handle "it", you should not use it (ha.. you already wanna login as the Root don't ya...)

*. "Open" to attacks - Let me put it this way, for a hacker to start doing something naughty, first he needs the name of the User to begin with. Since, Root exists by default and cannot be changed (the name), now all he has to do is try to find the password. Although you can make things more secure by giving a strong password but still, it is by default, somewhat, "risky".

*. Hard to trace - When you do your things as the Root user, the OS does not create any history concerning who or when, etc .... nothing... nada!. So, if few people had access to your Root account then it is pretty hard to figure out who did it.

Although I'm pretty sure there is a long list of disadvantages, but these are the few most important ones. So, to avoid these difficulties, the "sudo" command was embedded by Linux developers and by default Ubuntu and Fedora disables the "Root" user.

Let's have a look at some of the good and bad aspects of sudo.


The Good

*. More secure against hackers - As said, it is easy for a hacker to try to break into your OS if he knows where to begin with (in this case it is the name of the user). But since your user names are hidden by default, first they have to find a name.

*. Single password - If you want to use the Root user privileges, then you have to enter a separate password. So you have to remember two passwords. But, since sudo let the normal users act as the "Root" by using the same password, now you only need to remember one password.

*. Automatic log-off - The session of a sudo expires within 15 minutes of entering the password in your Terminal. After that the system will ask for it again (although you can change the time frame nonetheless).

This is a very good thing, since, say that you had to go somewhere (to hide from your ex-girlfriend ;-) ) for few mins but forgot to lock the screen, then someone can easily do some damages to the OS via the sudo privileges.

*. Assign temporary "Roots" (with certain restrictions) - Say that you're an administrator of a network and a user asked for administrative privileges, then you can avoid giving him the Root privileges or sharing the password, now you can easily assign him/her temporally to the "sudo" system. So you don't have to "share" the Root which is not a good idea.

Two bad things about it

*. Easy access - If not set-up properly, then hackers can gain full access to the "Root" account which is superior to the sudo thus enabling them to do whatever they want!.

*. Password may be easy to obtain - Now, say that while installing your Linux you create a user account and gave a weaker password. As you can remember, the OS will make you eligible to act as the "sudo" by default. Anything with a weak password is very risky, thus in this case, a hacker might be able to guess your user account password easily, thus gaining access to the "Root" user.

Again there are a lot of bad and good things about these two SU and SUDO, but I'm not gonna write it since all I wanted was to give a brief introduction (ya!.. nice job, you wrote a book man ... I know, sorry about that :) ) concerning the subject. Hope this helped to clear some clouds.

3 comments:

Anonymous said...

good info....

Gayan said...

@Anonymous,

You are welcome :).

Anonymous said...

How can you check if your Linux machine on network has static or dynamically allocated IP?
How can you change it from dynamic to static?

Post a Comment