The Unix commands
su allow access to other commands as a different user.
sudo command stands for “superuser do”. It prompts you for your personal password and confirms your request to execute a command by checking a file, called
sudoers, which the system administrator configures. Using the
sudoers file, system administrators can give certain users or groups access to some or all commands without those users having to know the
root password. It also logs all commands and arguments so there is a record of who used it for what, and when.
To use the
sudo command, at the command prompt, enter:
command with the command for which you want to use
sudo command also makes it easier to practice the principle of least privilege (PoLP), which is a computer security concept that helps control system access and potential system exploits and compromises. For more information about the
sudo command, visit A. P. Lawrence’s Using sudo page.
su command stands for “switch user”, and allows you to become another user. To use the
su command on a per-command basis, enter:
su user -c command
user with the name of the account which you’d like to run the command as, and
command with the command you need to run as another user. To switch users before running many commands, enter:
user with the name of the account which you’d like to run the commands as.
user feature is optional; if you don’t provide a user, the
su command defaults to the
root account, which in Unix is the system administrator account. In either case, you’ll be prompted for the password associated with the account for which you’re trying to run the command. If you supply a user, you will be logged in as that account until you exit it. To do so, press
Ctrl-d or type
exit at the command prompt.
su creates security hazards, is potentially dangerous, and requires more administrative maintenance. It’s not good practice to have numerous people knowing and using the
root password because when logged in as
root, you can do anything to the system. This could provide too much power for inexperienced users, who could unintentionally damage the system. Additionally, each time a user should no longer use the
root account (e.g., an employee leaves), the system administrator will have to change the