Sorry for this newbie question:

at is the difference between "su" and "sudo" command ?

Matthew

On Wed, 30 Dec 2009 18:15:21 +0000, Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew

'su' allows you to log in as another user (not necessarily even 
superuser, if you specify a user name). sudo allows you to run a command 
as though you were logged in as superuser. man pages will give you much 
more info.

In comp.os.linux.misc Matthew Lincoln <kmlincoln100@hotmail.com> wrote:
> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 

Since you are a newbie, you're likely coming from Windows
in which case "sudo" is roughly equiavlent to "runas"
whereas "su" is cloase to "runas cmd". "sudo" executes
a single command with elevated permissions, "su" opens a shell
with elevated permissions.

Stan

Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew

su allows you to become another user during the current 
session; i.e., until you enter exit to return to the earlier 
user identity.

sudo allows you to execute one command as the named user and 
then returns to the original id.

They're used mostly to temporarily become the root 
superuser.

Try man su and man sudo for details.

Welcome to linux!  There's a big learning curve, but I think 
you'll find it worthwhile.

Bryce

>>>>> "Matthew" == Matthew Lincoln <kmlincoln100@hotmail.com> writes:

Matthew> at is the difference between "su" and "sudo" command ?

The simplest difference is that "su" uses the *new* users password, while
"sudo" uses the *original* users password.  This alone means that you don't
have to have a shared secret password for root, for example.  On some boxes I
administer, root doesn't even *have* a possible password.

I can't remember the last time I invoked su.  I use sudo every day though.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion

Randal L. Schwartz wrote:

>>>>>> "Matthew" == Matthew Lincoln <kmlincoln100@hotmail.com> writes:
> 
> Matthew> at is the difference between "su" and "sudo" command ?
> 
> The simplest difference is that "su" uses the *new* users password, while
> "sudo" uses the *original* users password.  This alone means that you
> don't have to have a shared secret password for root, for example.  On
> some boxes I administer, root doesn't even *have* a possible password.

True, however sudo can be configured to request the root password rather 
that the user's password. That said, I haven't seen such a setup used in 
practice.

Matthew Lincoln wrote:
> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?

sudo is a more flexible and feature full way of doing something
as another user.  Has more options allowing for things like
executing only specific commands, executing things without
password, etc.  It's closer to allowing role based security.

su is pretty basic.

kmlincoln100@hotmail.com (Matthew Lincoln) writes:

> at is the difference between "su" and "sudo" command ?

What questions remain after reading the man pages ‘su(1)’ and ‘sudo(8)’?

-- 
 \       “Faith, n. Belief without evidence in what is told by one who |
  `\   speaks without knowledge, of things without parallel.” —Ambrose |
_o__)                           Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney

On 2009-12-30, Matthew Lincoln <kmlincoln100@hotmail.com> wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?

The "su" command is a standard command to all (at least all I am aware of) Unix
and Linux operating systems. It allows a user to "switch user" (hence the name
"su") by providing the password for that user. The root user can use su to
switch user without providing a password.

The "sudo" command is an open-source, optional utility command that allows the
root user to configure commands to be run as another user by particular users
by authenticating with *their own* password (or optionally, no password).

HTH,

Kevin

On Wed, 30 Dec 2009 18:15:21 +0000, Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?

'su' - You assume the users rights
'sudo' - User is allowed to execute a command in accordance with what is
listed in sudoers.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org

Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 

It's (mostly) a matter of the defaults.
By default su gives you a session as another user unless
given the -c switch, in which case it runs one command as
another user. With sudo you need to use the -i to have a
whole session as another user rather than just running one
command.

There are other differences but that's the major one.

-- 
Quote of the login: 
A bug in the code is worth two in the documentation.

On Dec 30, 1:15=A0pm, kmlincoln...@hotmail.com (Matthew Lincoln) wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?
>
> Matthew

Please read the manual pages on questions like this, first. If you
don't have them at hand, they're online.

'su' basically allows a non-root user to gain root privileges, if they
have the root password. 'sudo' is considerably more sophisticated and
allows non-root users to have a sophisticated configuration in "/etc/
sudoers" that allows them to use their *own* password to get
privileges, to execute certain root-level commands without typing a
password, or to be permitted to use only a set of commands with their
own password.

sudo is far more powerful and sophisticated: su is lighter weight and
always works, even if some fool screws up the /etc/sudoers
configuraton file.

On Wed, 30 Dec 2009 18:15:21 +0000, Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew
>
One difference is that sudo gives rights to a specified subset of 
commands (as specified by the sudoers file) with the equivalent to the 
root users's permission, whereas, su gives complete access to the root 
account. sudo's approach is better in certain respects. First, there is 
more fine grained control to allowed commands. Second, sudo's security 
model is better. sudo users authenticate using their own password; 
whereas, su requires directly knowing the root password. Again, sudo's 
fine grained trust model is better because it avoids introducing a 
"shared secret" involving the root password.

-- 
Douglas Mayne

Hi.

Ryan McCoskrie <ryan.mccoskrie@invalid.invalid> writes:

> Matthew Lincoln wrote:
>
>> Sorry for this newbie question:
>> 
>> at is the difference between "su" and "sudo" command ?
>> 
>
> It's (mostly) a matter of the defaults.
> By default su gives you a session as another user unless
> given the -c switch, in which case it runs one command as
> another user. With sudo you need to use the -i to have a
> whole session as another user rather than just running one
> command.

You could also do (e.g.) "sudo bash".

-- 
Art Werschulz (8-{)}   "Metaphors be with you."  -- bumper sticker
GCS/M (GAT): d? -p+ c++ l++ u+ P++ e--- m* s n+ h f g+ w+ t+ r- 
Net: agw@dsm.fordham.edu http://www.dsm.fordham.edu/~agw
Phone:   Fordham U. (212) 636-6325, Columbia U. (646) 775-6035

Matthew Lincoln wrote:
> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?

man man

then look them up!

Matthew Lincoln wrote:

> at is the difference between "su" and "sudo" command ?

With any shell command, you should be able to get information on what it 
does and how to use it by opening a shell window (also known as a console) 
and entering, e.g. "man su" (without the quotes, of course). When you've 
finished reading, press Q to quit.

-- 
Backpacker

On 2009-12-31, Art Werschulz <agw@dsm.fordham.edu> wrote:
> Hi.
>
> Ryan McCoskrie <ryan.mccoskrie@invalid.invalid> writes:
>
>> Matthew Lincoln wrote:
>>
>>> Sorry for this newbie question:
>>> 
>>> at is the difference between "su" and "sudo" command ?
>>> 
>>
>> It's (mostly) a matter of the defaults.
>> By default su gives you a session as another user unless
>> given the -c switch, in which case it runs one command as
>> another user. With sudo you need to use the -i to have a
>> whole session as another user rather than just running one
>> command.
>
> You could also do (e.g.) "sudo bash".

But, of course, only if the sudoers file allows it.

-- 
Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)

In article <4b3b98b9$0$6580$9b4e6d93@newsspool3.arcor-online.net>,
 kmlincoln100@hotmail.com (Matthew Lincoln) wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew

su requires you to enter the target user's password, and then starts a 
subshell (or executes the shell with a command line, if you use the -c 
option).  It can be used to execute any commands, so long as you know 
the target user's password (and if the target is root, you also have to 
be in the wheel group).

sudo requires you to enter your own password.  It checks a configuration 
file (/etc/sudoers) to determine who is allowed to execute different 
commands.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

On 2009-12-31, Barry Margolin <barmar@alum.mit.edu> wrote:
> In article <4b3b98b9$0$6580$9b4e6d93@newsspool3.arcor-online.net>,
>  kmlincoln100@hotmail.com (Matthew Lincoln) wrote:
>
>> Sorry for this newbie question:
>> 
>> at is the difference between "su" and "sudo" command ?
>> 
>> Matthew
>
> su requires you to enter the target user's password, and then starts a 
> subshell (or executes the shell with a command line, if you use the -c 
> option).  It can be used to execute any commands, so long as you know 
> the target user's password (and if the target is root, you also have to 
> be in the wheel group).
>
> sudo requires you to enter your own password.  It checks a configuration 
> file (/etc/sudoers) to determine who is allowed to execute different 
> commands.

Whether you have to enter a password, and which password you have
to enter, is configured.  From what I have read, the thing of
entering your own password appears to be a Ubuntuism.  I use sudo
all the time and have never seen the practice of entering my own
password to use sudo.

-- 
Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)

2009-12-31 Nico Kadel-Garcia <nkadel@gmail.com>:
> On Dec 30, 1:15�pm, kmlincoln...@hotmail.com (Matthew Lincoln) wrote:
>> Sorry for this newbie question:
>>
>> at is the difference between "su" and "sudo" command ?
>>
>> Matthew
>
> Please read the manual pages on questions like this, first. If you
> don't have them at hand, they're online.
>
> 'su' basically allows a non-root user to gain root privileges, if they
> have the root password. 

And is a member of the correct group.

On 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article
<slrnhjoe69.h4o.spamtrap42@one.localnet>, Robert Riches wrote:

>Barry Margolin <barmar@alum.mit.edu> wrote:

>> sudo requires you to enter your own password.  It checks a
>> configuration file (/etc/sudoers) to determine who is allowed to
>> execute different commands.

>Whether you have to enter a password, and which password you have
>to enter, is configured.

Yup

>From what I have read, the thing of entering your own password
>appears to be a Ubuntuism

http://www.courtesan.com/sudo/man/sudoers.html

That's the sudo'ers manual.  See the entry for rootpw

   rootpw
          If set, sudo will prompt for the root password instead of the
          password of the invoking user. This flag is off by default.

as well as the 'runaspw' and 'targetpw' entries.   Asking for the
users password has been the default in many distributions, and if you
are compiling from source.  That goes back well before Ubuntu appeared
on the scene.

One reason why Ubuntu uses this mode is that by intent there is no
valid root password.  This is to prevent the windoze default mode of
running as the administrative user.

        Old guy

* Chris Cox wrote in comp.os.linux.misc:

> Matthew Lincoln wrote:
>> Sorry for this newbie question:
>> 
>> at is the difference between "su" and "sudo" command ?
> 
> sudo is a more flexible and feature full way of doing something
> as another user.  Has more options allowing for things like
> executing only specific commands, executing things without
> password, etc.  It's closer to allowing role based security.
> 
> su is pretty basic.

You have that backwards. su opens a shell as that user, from there you can 
do anything as the new user. sudo limits you to one command and is far more 
limited.

sudo elevates your permissions, su makes you the specified user.

-- 
David

SINNER wrote:

> * Chris Cox wrote in comp.os.linux.misc:
> 
>> Matthew Lincoln wrote:
>>> Sorry for this newbie question:
>>> 
>>> at is the difference between "su" and "sudo" command ?
>> 
>> sudo is a more flexible and feature full way of doing something
>> as another user.  Has more options allowing for things like
>> executing only specific commands, executing things without
>> password, etc.  It's closer to allowing role based security.
>> 
>> su is pretty basic.
> 
> You have that backwards. su opens a shell as that user, from there you can
> do anything as the new user. sudo limits you to one command and is far
> more limited.
> 
> sudo elevates your permissions, su makes you the specified user.
> 

Wrong!

sudo -i

whoami

Robert Riches <spamtrap42@verizon.net> writes:


>> sudo requires you to enter your own password.  It checks a configuration 
>> file (/etc/sudoers) to determine who is allowed to execute different 
>> commands.
>
> Whether you have to enter a password, and which password you have
> to enter, is configured.  From what I have read, the thing of
> entering your own password appears to be a Ubuntuism.  I use sudo
> all the time and have never seen the practice of entering my own
> password to use sudo.

It's often used if you don't want to change the root password every time
somebody leaves the admin team and of course it's the only sane thing if
you want to give only partial sudo access to somebody.


   Florian
-- 
<http://www.florian-diesch.de/software/shell-scripts/>

Robert Riches writes:
> From what I have read, the thing of entering your own password appears
> to be a Ubuntuism.  I use sudo all the time and have never seen the
> practice of entering my own password to use sudo.

It is the default configuration in Debian.  You are, of course, free to
change it in either Debian or Ubuntu.

Florian writes:
> It's often used if you don't want to change the root password every
> time somebody leaves the admin team and of course it's the only sane
> thing if you want to give only partial sudo access to somebody.

Offhand, I can't think of a good reason to configure it to require the
root password.
-- 
John Hasler 
jhasler@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

In comp.os.linux.setup Matthew Lincoln <kmlincoln100@hotmail.com> wrote:
> Sorry for this newbie question:

> What is the difference between "su" and "sudo" command ?

su switches to another user, root by default.  More precisely, it starts
a command shell as that user (unless you explicitly give another
command).  You get prompted for the pertinent password.

sudo <command> executes <command> as though you were root.  You _don't_
get prompted for any password; instead, there's some sort of
configuration file that constitutes a database of who's allowed to
execute what commands via sudo.

The functionality of these commands overlaps somewhat;

    su -c <command>

does pretty much the same as sudo <command>.

   sudo bash

does pretty much the same as su.

The main use of sudo, as far as I can tell, is to create systems without
a root user (or without a root password).  Ubuntu does this.  The theory
is that Ubuntu users aren't really to be trusted with a proper root
account because they'll likely foul things up, but they need a certain
degree of root capability, so this is the safest way to give it them.  I
find this attitude rather snotty, and when I additionally discovered that
Ubuntu had put in it's own non-standard init program (for no good
reason), and they had forgotten to document its configuration, I chucked
Ubuntu.

Happy New Year!

> Matthew

-- 
Alan Mackenzie (Nuremberg, Germany).

Alan Mackenzie writes:
> sudo <command> executes <command> as though you were root.  You _don't_
> get prompted for any password...

You do if it is configured to ask.  Sudo can require the user's password
or the root password.

> The functionality of these commands overlaps somewhat;

>    su -c <command>

> does pretty much the same as sudo <command>.

Only if sudo is configured to permit the user to run <command>.

>   sudo bash

> does pretty much the same as su.

Only if bash is on of the commands sudo is configured to allow the user
to run.

> The main use of sudo, as far as I can tell, is to create systems
> without a root user (or without a root password).

No it isn't.
-- 
John Hasler 
jhasler@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article
<87my0z0zy6.fsf@thumper.dhh.gt.org>, John Hasler wrote:

>It is the default configuration in Debian.

Among others

>You are, of course, free to change it in either Debian or Ubuntu.

The problem in Ubuntu is the lack of a "usable" password for root.
The account exists (as it must), but is disabled in /etc/shadow.

>Florian writes:

>> It's often used if you don't want to change the root password every
>> time somebody leaves the admin team 

We always created separate users that had individual passwords other
than their "user" accounts, and these special accounts had sudo levels
without passwords. Use of 'su' to become these special users was logged,
and 'sudo' differentiated what those special users could do.

>> and of course it's the only sane thing if you want to give only
>> partial sudo access to somebody.

Depends - we used to use special group accounts for some things that
depended on SUID root binaries.  One of the first "rootly" things I
got was the ability to mount tapes by changing group to 'tapemonkey'
which required a password.  The needed binaries were chmod 4750 and
were owned by 'root:tapemonkey'.  We do a similar trick now with the
shutdown command - on workstations, /sbin/shutdown is owned by
"root:slave" to allow members of that group to do the shutdown. On the
servers, it's a different group.

>Offhand, I can't think of a good reason to configure it to require
>the root password.

Sudo?   Yeah, I can agree with that.

        Old guy

Old guy writes:
> The problem in Ubuntu is the lack of a "usable" password for root.
> The account exists (as it must), but is disabled in /etc/shadow.

Anyone who cannot manage the trivial task of adding a root password is
better off without one.
-- 
John Hasler 
jhasler@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

Alan Mackenzie <acm@muc.de> writes:


> The main use of sudo, as far as I can tell, is to create systems without
> a root user (or without a root password).  Ubuntu does this.  The theory
> is that Ubuntu users aren't really to be trusted with a proper root
> account because they'll likely foul things up, but they need a certain

It's a common opinion that people shouldn't use the root account for their
daily work. Ubuntu encourages this by making it hard to login as root
and making it easy to get temporary root privileges

> Ubuntu had put in it's own non-standard init program (for no good
> reason), 

SysV init is a bit dated now and there have been many attempts to add
missing features (like automated dependency checking for init scripts)
or replace it in the last years.

According to
http://docs.fedoraproject.org/release-notes/f9/en_US/sn-System-Services.html#sn-Upstart
Fedora switched to upstart, too.

> and they had forgotten to document its configuration, 

init(8) says in the DESCRIPTION section

,----
|  Processes managed by init are known as jobs and are defined by files in
|  the /etc/init directory.  See init(5) for more details.
`----

and init(5) indeed has the details about the configuration.



   Florian
-- 
<http://www.florian-diesch.de/software/pdfrecycle/>

* GangGreene wrote in comp.os.linux.misc:

> SINNER wrote:
> 
>> * Chris Cox wrote in comp.os.linux.misc:
>> 
>>> Matthew Lincoln wrote:
>>>> Sorry for this newbie question:
>>>> 
>>>> at is the difference between "su" and "sudo" command ?
>>> 
>>> sudo is a more flexible and feature full way of doing something
>>> as another user.  Has more options allowing for things like
>>> executing only specific commands, executing things without
>>> password, etc.  It's closer to allowing role based security.
>>> 
>>> su is pretty basic.
>> 
>> You have that backwards. su opens a shell as that user, from there
>> you can do anything as the new user. sudo limits you to one command
>> and is far more limited.
>> 
>> sudo elevates your permissions, su makes you the specified user.
>> 
> 
> Wrong!

Really? what did I say that was wrong?

man su

http://unixhelp.ed.ac.uk/CGI/man-cgi?su

man sudo 

http://www.gratisoft.us/sudo/man/sudo.html

Looks pretty much like exactly what I said?


> 
> sudo -i
> 
> whoami
> 

No shit.

-- 
David

ibuprofin@painkiller.example.tld.invalid (Moe Trin) writes:

> On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article
> <87my0z0zy6.fsf@thumper.dhh.gt.org>, John Hasler wrote:
>
>>It is the default configuration in Debian.
>
> Among others
>
>>You are, of course, free to change it in either Debian or Ubuntu.
>
> The problem in Ubuntu is the lack of a "usable" password for root.
> The account exists (as it must), but is disabled in /etc/shadow.
>
>>Florian writes:
>
>>> It's often used if you don't want to change the root password every
>>> time somebody leaves the admin team 
>
> We always created separate users that had individual passwords other
> than their "user" accounts, and these special accounts had sudo levels
> without passwords. Use of 'su' to become these special users was logged,
> and 'sudo' differentiated what those special users could do.

So to revoke access to one of those special accounts for some user you
have to change that special account's password. If that happens
frequently it can be quite annoying and - depending on the level
bureaucracy involved - costly.



   Florian
-- 
<http://www.florian-diesch.de/software/xxgamma/>

SINNER <arcade.master@gmail.com> writes:

> * GangGreene wrote in comp.os.linux.misc:
>
>> SINNER wrote:
>> 
>>> * Chris Cox wrote in comp.os.linux.misc:
>>> 
>>>> Matthew Lincoln wrote:
>>>>> Sorry for this newbie question:
>>>>> 
>>>>> at is the difference between "su" and "sudo" command ?
>>>> 
>>>> sudo is a more flexible and feature full way of doing something
>>>> as another user.  Has more options allowing for things like
>>>> executing only specific commands, executing things without
>>>> password, etc.  It's closer to allowing role based security.
>>>> 
>>>> su is pretty basic.
>>> 
>>> You have that backwards. su opens a shell as that user, from there
>>> you can do anything as the new user. sudo limits you to one command
>>> and is far more limited.
>>> 
>>> sudo elevates your permissions, su makes you the specified user.
>>> 
>> 
>> Wrong!
>
> Really? what did I say that was wrong?

They both do the same: Let you run a program as another user.  The only
difference is that sudo offers more flexibility by editing /etc/sudoers
and su defaults to run a shell while sudo defaults to run a given
command.



   Florian
-- 
<http://www.florian-diesch.de/software/pdfrecycle/>

SINNER wrote:

> * GangGreene wrote in comp.os.linux.misc:
> 
>> SINNER wrote:
>> 
>>> * Chris Cox wrote in comp.os.linux.misc:
>>> 
>>>> Matthew Lincoln wrote:
>>>>> Sorry for this newbie question:
>>>>> 
>>>>> at is the difference between "su" and "sudo" command ?
>>>> 
>>>> sudo is a more flexible and feature full way of doing something
>>>> as another user.  Has more options allowing for things like
>>>> executing only specific commands, executing things without
>>>> password, etc.  It's closer to allowing role based security.
>>>> 
>>>> su is pretty basic.
>>> 
>>> You have that backwards. su opens a shell as that user, from there
>>> you can do anything as the new user. sudo limits you to one command
>>> and is far more limited.
>>> 
>>> sudo elevates your permissions, su makes you the specified user.
>>> 
>> 
>> Wrong!
> 
> Really? what did I say that was wrong?


">> sudo limits you to one command and is far more limited."



> 
> man su
> 
> http://unixhelp.ed.ac.uk/CGI/man-cgi?su
> 
> man sudo
> 
> http://www.gratisoft.us/sudo/man/sudo.html
> 
> Looks pretty much like exactly what I said?
> 
> 
>> 
>> sudo -i
>> 
>> whoami
>> 
> 
> No shit.
> 

Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew

sudo runs commands as the user you assume the privs of, while su makes
you the user (changes you to that user).  Most people use sudo to limit
what commands what users can have access to run, which is usually
safer.  Of course, there's a lot more to it than that.
-- 
Not really a wanna-be, but I don't know everything.

On Dec 30 2009, 1:15=A0pm, kmlincoln...@hotmail.com (Matthew Lincoln)
wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?
>
> Matthew

http://kb.iu.edu/data/amyi.html

On Dec 30 2009, 1:15=A0pm, kmlincoln...@hotmail.com (Matthew Lincoln)
wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?
>
> Matthew

http://kb.iu.edu/data/amyi.html

On 2010-01-01, Wanna-Be Sys Admin <sysadmin@example.com> wrote:

> sudo runs commands as the user you assume the privs of, while su makes
> you the user (changes you to that user).  Most people use sudo to limit
> what commands what users can have access to run, which is usually
> safer.  Of course, there's a lot more to it than that.

Such as: 

Sudo can be configured to log all invocations of the command.  Also,
su doesn't provide all the users settings.  Try "su -" to get true
user bennies.

nb 

On Dec 30 2009, 6:15=A0pm, kmlincoln...@hotmail.com (Matthew Lincoln)
wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?
>
> Matthew

Hi,

I would say that "sudo" executes a single command, with root
permissions,
while "su" starts a new shell with root permissions. So, "su" is like
doing:

   # sudo bash

-Mike

On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article
<87aawy29rg.fsf@thumper.dhh.gt.org>, John Hasler wrote:

Happy New Year, John

>Old guy writes:

>> The problem in Ubuntu is the lack of a "usable" password for root.
>> The account exists (as it must), but is disabled in /etc/shadow.

>Anyone who cannot manage the trivial task of adding a root password
>is better off without one.

Ding, Ding, Ding  - we have a winner!    I scan the a.o.l.ubuntu
newsgroup (and the recently created a.o.l.mint), and after your
killfile is through, the majority of the questions reflect this
skill level.  Occasionally, you'll see a post asking how to enable
root (or more disturbingly the "administrator") account, but few of
the real replies provide the needed clue.   Wonder why.

        Old guy

On Thu, 31 Dec 2009, in the Usenet newsgroup comp.os.linux.misc, in article
<ueev07-3fp.ln1@mid.florian-diesch.de>, Florian Diesch wrote:

>ibuprofin@painkiller.example.tld.invalid (Moe Trin) writes:

>> We always created separate users that had individual passwords other
>> than their "user" accounts, and these special accounts had sudo levels
>> without passwords. Use of 'su' to become these special users was logged,
>> and 'sudo' differentiated what those special users could do.

>So to revoke access to one of those special accounts for some user you
>have to change that special account's password.

Same as revoking access to any user account.

>If that happens frequently it can be quite annoying and - depending on
>the level bureaucracy involved - costly.

Not really - other than the student interns, we don't have a significant
turn-over rate.  Example, my department has 38 people, and all have been
with the company over five years.

The registrar at each facility (who has the responsibility for - among
other things - creating/deactivating/removing user accounts) has a simple
script that handles the deactivation of accounts - basically takes a
username, asks for the GECO name, room number, and phone extension for
confirmation, then locks the account via the password and authentication
files.  This action is taken in response to notification from the users
supervisor _OR_ HR.   Removing old accounts are more of a hassle because
the old account may have files that have to be transferred to other
users and that takes some coordination.  Maybe even some thinking!

        Old guy

On Wed, 30 Dec 2009 18:15:21 +0000, Matthew Lincoln wrote:

> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
> Matthew

'su' short for 'switch user.'  Using su, one switches over to another 
user's identity (most often root) and has unlimited access after that.  
Its /almost/ the same as simply logging in as that user.

sudo can operate like su does, but it can also be much  more limited.  
For instance, you can set up your sudoers to say that user mary is 
allowed to execute the shutdowndown..

sudo shutdown -h now

but that is the only root command she is allowed to run.  You can even 
say if it should prompt her for a password or just do it.


Read the man page between the two commands.

Matthew Lincoln wrote:

> 
> 
> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?
> 
Surely the correct answer to this one (apart from the man page suggestions) 
is along the lines of Homer Simpson: do!
-- 
Dave
da ve@llondel.org (without the space)
So many gadgets, so little time.

kmlincoln100@hotmail.com (Matthew Lincoln) writes:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?

$ man su 
    vs 
$ man sudo 

would be the RTFM answer.  :-)

But, in a nutshell, su switches users, while sudo ("sooo do") is most
often used to execute a single command as the superuser, and nothing
else.

With su, your shell prompt will be as a different user, and will stay
that say until you exit that shell.  Issue the "id" command to see who
you are at any given instant.  su - is the usual way a regular user
might change temporarily to be the root user.  Or, how a root user
might change to joeblow's account (su joeblow) to test something.

sudo, on the other hand simply executes one command as the superuser
(or an optionally specified username).  Say, if you are loged in as
joeblow, and need to restart a daemon, you'd
      joeblow$ sudo /etc/init.d/daemonofchoice restart

sudo allows an administrator to have a great deal more granular
control of allowing users to do specific stuff as the superuser,
rather than having to grant the person access to the root account.
/etc/sudoers is the file where you can, for example, lock joeblow down
to simply restarting that daemon, or allowing joeblow to do anything
he wants as root.   Another nice thing about sudo is that in an
environment where you have several users doing things as root, the
sudo log gives you a nice audit trail of which admin user did what,
when, rather than trying to infer it as you do when you have a shared
root password that too many people know.   

Finally, no discussion of sudo would be complete without a link to the
following:
           http://xkcd.com/149/

* GangGreene wrote in comp.os.linux.misc:

> SINNER wrote:
> 
>> * GangGreene wrote in comp.os.linux.misc:
>> 
>>> SINNER wrote:
>>> 
>>>> * Chris Cox wrote in comp.os.linux.misc:
>>>> 
>>>>> Matthew Lincoln wrote:
>>>>>> Sorry for this newbie question:
>>>>>> 
>>>>>> at is the difference between "su" and "sudo" command ?
>>>>> 
>>>>> sudo is a more flexible and feature full way of doing something
>>>>> as another user.  Has more options allowing for things like
>>>>> executing only specific commands, executing things without
>>>>> password, etc.  It's closer to allowing role based security.
>>>>> 
>>>>> su is pretty basic.
>>>> 
>>>> You have that backwards. su opens a shell as that user, from there
>>>> you can do anything as the new user. sudo limits you to one command
>>>> and is far more limited.
>>>> 
>>>> sudo elevates your permissions, su makes you the specified user.
>>>> 
>>> 
>>> Wrong!
>> 
>> Really? what did I say that was wrong?
> 
> 
> ">> sudo limits you to one command and is far more limited."
> 

Which is correct

$ sudo <command>

Using sudo to grab an interactive login shell is another story entirely.

In your example after sudo -i you arent using sudo anymore, nothing you 
do after that point is logged unlike in the above example.

-- 
David

In <4b3b98b9$0$6580$9b4e6d93@newsspool3.arcor-online.net> kmlincoln100@hotmail.com (Matthew Lincoln) writes:

> Sorry for this newbie question:

> at is the difference between "su" and "sudo" command ?

su lets you log in as another user.  Once logged in, you can do anything
that user could do.

sudo lets you perform only some commands as another user, and also
keeps a log of what you did.

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon@panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

On Dec 30 2009, 1:15=A0pm, kmlincoln...@hotmail.com (Matthew Lincoln)
wrote:
> Sorry for this newbie question:
>
> at is the difference between "su" and "sudo" command ?
>
> Matthew

This article has a very good description:

http://www.tuxmagazine.com/node/1000148

The man commands for each will also provide additional insight.

--
Brie

Le 30/12/2009 19:15, Matthew Lincoln a �crit :
> Sorry for this newbie question:
> 
> at is the difference between "su" and "sudo" command ?

su means that you become the super-user with right of death on the whole
system

sudo is followed by the name of a command which can only be used by the
super-user, but you are not the super-user, you have only the right to
use pre-defined commands.


-- 
Fran�ois Patte
Universit� Paris Descartes

On Dec 30 2009, 1:15 pm, kmlincoln...@hotmail.com (Matthew Lincoln)
wrote:

> Sorry for this newbie question:
> [wh]at is the difference between "su" and "sudo" command ?

> Matthew

One *relatively* simple answer I've not yet seen:

su:
comes standard with most or all versions of unix/linux.
it simply allows you to *become* any other user on the system, so that
you can see their files & directories and possibly run programs *as*
them.  There are two different ways to execute "su": one as simply
"su", followed by an optional username if you don't want to become
"root"; the other is to add the minus-sign, "su -".  To understand the
difference, you must understand how shell-initialization works, with
such files as ".cshrc" or ".profile" and ".kshrc", etc.  Too
complicated to explain here.

sudo:
typically an add-on program, though it might often be included with
various flavors of Linux.
It's primary purpose is *not* simply to become some other user on the
system --although I believe this can be accomplished with sudo-- but,
rather, to allow you to execute specially-priviledged commands,
usually restricted to the super-user (root).  I don't recall ever
hearing of anybody's using sudo to allow a person to execute specially-
priviledged commands of some user *other* than root though maybe it
can be done and maybe it sometimes is done.

NOTE:  "su" and "sudo" *each* are configurable as to which users are
allowed to use them.  However, I believe that there is only one
permission-file & one permission-setting for "su": either you are
allowed to use "su" or you are not allowed to use it.  But with sudo,
the allowable permissions are highly configurable, at least regarding
the various commands/programs that the user is granted to execute (at
least as "root"; again, not sure about other users).

Note also:  The use of the password with sudo is *not* specific to
Ubuntu.

Hope this helps.

--JRAvery

François Patte <francois.patte@mi.parisdescartes.fr>:
>  Le 30/12/2009 19:15, Matthew Lincoln a écrit :
> > Sorry for this newbie question:
> > 
> > [wh]at is the difference between "su" and "sudo" command ?
> 
>  su means that you become the super-user with right of death on the whole
>  system
> 
>  sudo is followed by the name of a command which can only be used by the
>  super-user, but you are not the super-user, you have only the right to
>  use pre-defined commands.

In theory.  I'd like to live in Theory.  Everything works in Theory.

   su -c 'vi /etc/apt/sources.lst'

   sudo vi /etc/apt/sources.lst

There's no difference, except sudo's a lot sloppier about security (IMO).

"su -" lets you walk around with lit sticks of dynamite in your hands.
Sudo has a mode that'll allow that too.

I prefer su -.  Choose your poison.  Read man pages.  :-)


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)    http://blinkynet.net/comp/uip5.html      Linux Counter #80292
- -    http://www.faqs.org/rfcs/rfc1855.html    Please, don't Cc: me.