linux - difference between root executing command as sudo vs not using sudo?
2014-07
user972276
I have a Linux question regarding the sudo command and the root user. If I log into the root user using the su command, what is the difference between the following two commands?
root> sudo ./some_executable
and
root> ./some_executable
is there a difference? I am trying to use an executable and noticed that the executable works fine with the first command, but fails for the second command stating that I am not running the command as root. I always thought that the sudo/su commands allow you to execute commands with root privileges and so doing the first command would be redundant. However, I did noticed that the root user is in the sudoers file so I did not know if this is a bug in the executable or if there really is a difference between running a command logged in as root vs using sudo?
djg
Your environment variables will be different for the two instances.
sudo will be resetting some of your environment variables - read the man page for sudo and look at the -E option as well as the section on the sudoers config file.
Additionally your use of su and not su - to gain root means you do not have a true root environment when executing the file directly.
In summary, you have an environment mismatch between the two situations making one work when the other doesn't.
Minh Hieu
A root user can have all the privileges. But a normal user can gain access like a root with su or sudo command and their own password.
So what's the difference?
Tremmors
A normal user can only gain root access with sudo if they are in the sudoers file (meaning they are trusted enough to gain admin permissions on demand). In a production environment, almost nobody should be a sudoer.
phihag
The su (and sudo) command traditionally require root's password. However, you can setup sudo so that ordinary users can achieve root privileges with their own password by modifying /etc/sudoers (as root, preferably with visudo).
Modern Linux distributions preconfigure the first user to be able to sudo with her own password. This prevents accidental system malconfiguration by the user, and enables them to gain full control without the need of a separate root password.
ldg
Not all normal users can use sudo, they have to be in the sudoers file and you can control which commands or types of commands the user can execute. Also, only certain users can use su to switch to the root user. Normally you would only have sudo permissions for a limited set of commands and full su permissions for a limited period of time.
Lord Loh.
To add to the above answers,
su user1 with the user's password shall switch your credential to user1 till you type exit
just su shall assume root by default.
sudo as mentioned in other answers, can be granted to trusted users and a ristricted set of commands. moreover, sudo can be configured to log commands executed. This is a good way to track misuse of privilege.
Michas
The su command it to temporary change an identity to any user on a system and execute many programs with his/her/its permissions. It doesn't have to be the root. If the user executing su isn't the root, he have to enter the password of the user he want get identity.
The sudo command is to execute one command with root permissions. It is very configurable. Some distribution let the first user of the system to execute with sudo everything. The entering own password is optional.
dr jimbob
Only users with super-user privileges can sudo or su, normal users cannot. This is configured in /etc/sudoers, which should always be edited with visudo.
The benefits of this system are:
- Its easy for a privileged user to run commands as root only when needed,
- makes it harder to guess the root username (e.g., if a simple ssh bot tried logging into a system
rootwould be the first login name to guess). - Multiple users on a shared system can have root permissions, without needing to share passwords.