4

It seems as if there is no difference whatsoever. When the whoami or id commands are run, they all yield root credentials. Is this an illusion? If the root account is disabled by default in Ubuntu, and therefore su gives and authentication error, then why allow sudo -I

Edit: Excuse me, the ONLY difference I have learned of is that sudo -I asks for the password of the user who invoked the command, and su asks for root, or some other target user's password.

Is there any OTHER difference?

Braiam
  • 67,791
  • 32
  • 179
  • 269
user161589
  • 75
  • 3
  • 9
  • 1
    The account exists, have a look at sudo grep root /etc/passwd. What's disabled is logging in as root. – terdon Mar 16 '14 at 02:44

2 Answers2

0

EDITED. Note: This answer has been heavily edited since its last iteration based on Eliah Kagan's comments.

sudo -i runs a login shell with root privileges, simulating an initial login with root, acting similar to su -. The primary difference between sudo -i and su - is that sudo -i can be executed using a sudoer's password, while su - must be executed with the root account's password. Hence, if you are on a default *buntu install, where root login is disabled, sudo -i can be used while su and its variants cannot.

If you run the following commands:

$ sudo -i
[sudo] password for <username>: <enter user's password>
# cd ~
# pwd

you will get the output:

/root

Hence, you can see that sudo -i simulates an initial root login, including changing the home folder ($HOME) to root's, rather than your own. This also means sudo -i reads login files like .profile.

Meanwhile, sudo -s starts a new shell but without simulating initial login - login files are not read and $HOME is still set to your user's home folder.

If you run the following commands:

$ sudo -s
[sudo] password for <username>: <enter user's password>
# cd ~
# pwd

you will get the output:

/home/<username>

From this, you can see that sudo -s does not simulate an initial login, and does not change $HOME.

Davidson Chua
  • 223
  • 1
  • 11
  • In other words, the change in the required password is really the only difference. Yet that seems like a flaw in Ubuntu systems, su is harder to use, because one, the root account needs to be enabled, and two, you need to know root's password, yet why would you go to all that trouble when you could just do sudo -i? What do you gain by doing su? – user161589 Mar 16 '14 at 17:05
  • @user161589 NO! The change in the user's password is *not* the only difference. See my answer below. – Seth Mar 16 '14 at 17:45
  • 1
    @Seth The difference in what password is used actually is the main important difference here, except when running GUI apps. Please see my comment on your answer. Davidson Chua: sudo -s corresponds rougly to su, while sudo -i is like to su -. (In the same way, plain sudo corresponds to su -c.) If someone uses sudo -i to run a graphical app (to prevent root-owned config files in their home folder), the su-based way would be su - (for a shell) or su - -c. – Eliah Kagan Mar 16 '14 at 18:52
  • @EliahKagan If you run sudo -s and then cd and pwd, you will be in your (user) home folder. If you do the same with sudo -i, you will be in /root. This means that sudo -s starts a new shell with root privileges, while sudo -i starts a new initial login as root. You can refer to Mike Scott's answer on the duplicate question. – Davidson Chua Mar 18 '14 at 14:11
  • @DavidsonChua What you've just commented seems consistent with what I've said. But it's actually not quite correct (nor is it quite what Mike Scott said). sudo -i doesn't really log in as root (or any user); instead, it runs a login shell with elevated privileges. That's why -i is called the **simulate initial login* option in the sudo manpage. Note that essentially any shell can be started as a login shell (you can run bash --login for example); this doesn't mean it's being triggered by an actual login. – Eliah Kagan Mar 18 '14 at 19:57
  • @DavidsonChua *(Edited.)* On the other hand, I think my comparison of su to sudo -s (in that comment) is a bad one, or at least misleading. I'm sorry about that. sudo -i does behave very similarly to su - (or su - -c), but sudo -s is not as close a match for su (or su -c) because while plain su does not invoke a login shell it does change more environment variables than plain sudo or sudo -s (in particular, plain su changes $HOME). – Eliah Kagan Mar 18 '14 at 20:01
  • Ah, my bad. I meant simulated initial login, not an actual login. Other than that, your comments seem correct, so I will update my answer accordingly. – Davidson Chua Mar 19 '14 at 02:17
  • After looking at the duplicate's solution again, another difference between su and sudo -i is that su gives you complete root priveleges, as if you were actually root. Whereas, sudo -i you can restrict which programs users in the sudoers file can run. Thus, the sudoers aren't really root. To edit root's priveleges and settings you would literally have to be logged in as root, and the changes would be reflected when you su. – user161589 Aug 09 '15 at 18:07
0

sudo -i tries to become the user whose password you use, it runs that user's login specific resources (.profile etc) and tries to run from the user's home directory.

su on the other hand logs you in as other users, in the other user's home directory. And that account's login specific resources will be run. By default su logs you in as root.

I recommend using sudo -i over su, unless you know what you're doing.

Seth
  • 58,122
  • Files created from a sudo -i shell are owned by root too, same with regular sudo, sudo -s, sudo -H, su -, and others. You may be thinking of how files (particularly config files) in the user's own home directory may be created as root and prevent applications from working properly. This is specifically a problem with graphical applications (since they usually store user-specific configuration files). The reason sudo -H and sudo -i avoid this is they cause root's home folder to be used instead. sudo -i should not be used as a general alternative to regular sudo. – Eliah Kagan Mar 16 '14 at 18:41
  • @EliahKagan You're right, I had misread some earlier posts, my bad. IMO most of my answer still stands however, there is more of a difference between sudo -i and su than just the password. – Seth Mar 16 '14 at 23:15