when I try using a command with sudo everything works fine, however, if I want to log in as the superuser using su it doesn't let me. Why?
Asked
Active
Viewed 1.6k times
10
2 Answers
26
What is happening?
To change (switch) users using su command, you should provide the password of target user, that's how it works. However with sudo you can use your own password.
For example if you use the su - command to switch into root user, you have to use root's password which by default it does not have any password and also its account is disabled.
What is the different?
So with su we are giving away a single password to all users who needs to switch into the target user, what sudo does is to overcome this problem.
We setup a file named sudoers and within it we will define who can do what. With providing their password to sudo command, they are actually confirming it's really them who is trying to run a command and system can verify the user and the command they are allowed to use.
What can I do?
You can use: sudo -i to switch into root with its default shell as a login shell, or for a no-login shell sudo -s or even old school sudo su - (login shell again).
Extra informations
You can also use sudo -l to see what privileges you have, for example do you have the rights to switch into root or user bob or run a specific command using john at a specific machine?
To clarify about root account:
in a Ubuntu machine, by default root account does not have any password and at the same time the account is disabled. When you disable an account an exclamation mark "!", will be added in front of its password hash, so no one can login into that account, whether it has a password or not.
$ sudo grep root /etc/shadow
root:!:2020:0:99999:2:::
Which means root does not have any password (second section (delimited by ':') is empty, it only contains an exclamation mark) and at the same time it's disabled: pay attention to !.
Ravexina
- 55,668
- 25
- 164
- 183
4
No, in sudo you enter your own password, in su it is root's password, which normally is disabled in Ubuntu.
-
-
ah ok, thanks for clearing that up (i have been using Linux for a few months now, I'm surprised I didn't realise this earlier) – Sol33t303 Jul 03 '17 at 10:40
-
5@ravery Actually root login is disabled by setting an invalid password... So it is basically the same to my knowledge. – Byte Commander Jul 03 '17 at 10:43
-
@Byte -- I'm not sure about the mechanic, but sudo and su can both be used with the same password. changing your password changes sudo but not su. unless there has been a change to it since 15.04 – ravery Jul 03 '17 at 10:45
-
7@ravery, there are NO connection between the password used for
sudo(that is: your password) and the one used forsu(root's password) .. Of course you can set them to the same value, but they are still separate passowrds and changing the one don't change the other. – Soren A Jul 03 '17 at 11:18 -
-
2@ravery "root password isn't disabled, root login is disabled" - No, root's password is disabled, but root login is enabled. Logging in straight as root on an Ubuntu system is perfectly possible with SSH public key authentication, for example. If root login were disabled, this would not be possible. – marcelm Jul 03 '17 at 14:33
gksu x-terminal-emulatorfor example, why? – Ravexina Jul 03 '17 at 11:41sudo -iis preferred oversudo su -andsu -as it handles the environment more correctly. – Kaia Leahy Jul 04 '17 at 04:29suto become any other user without giving this user's password. – Baard Kopperud Jul 04 '17 at 06:22