LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-13-2012, 02:26 AM   #1
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Rep: Reputation: 9
Difference between su - and sudo su -


Hi,

I know what su does and what is used for and also what sudo does and what it is used for. But i am confused between
su - and sudo su -, is there any difference i
 
Old 09-13-2012, 02:31 AM   #2
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Original Poster
Rep: Reputation: 9
Difference between su - and sudo su -

Hi,

I know what su does and what is used for and also what sudo does and what it is used for. But i am confused between

su - and sudo su -,

is there any difference in the two commands and if yes then what is the difference. When i run su - it will ask me for the root password and i will login in as root.

In the second case "sudo su -" ,ideally it should first ask for the password of the currently logged in user for user and then it should ask for the password for the root user. However what is happening is that its not asking for root password.

So i am confused why password for root is not being prompted for. And if this is the case then i assume it is a security issue as anybody with sudo access to su command can switch to root and can do anything he/she wants.

PLease throw some light on it.

Thanks
 
Old 09-13-2012, 02:35 AM   #3
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,434

Rep: Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192
Hi,

if you run "sudo su -", su will not ask for the root password because it (su, in this case "su -") is being run with root permissions, and root is not asked for a password when running su.

HTH,

Evo2.
 
Old 09-13-2012, 02:36 AM   #4
suttiwit
Member
 
Registered: Aug 2012
Location: Chiang Mai, Thailand
Distribution: Kubuntu 12.10 x86_64
Posts: 192
Blog Entries: 2

Rep: Reputation: 22
Hello, If you type "su -" in the command-line, you have to know the root password then you can do things as root from the command-line. If you type "sudo su -" in the command-line, you will have to be in sudoers and you can use your own password without using root's password.

Different ways, different user requirements but same results.
 
Old 09-13-2012, 02:37 AM   #5
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,434

Rep: Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192
Hi,

regarding it being a security issue, if you don't like it, then don't configure sudo in that way.

Evo2.
 
Old 09-13-2012, 02:49 AM   #6
suttiwit
Member
 
Registered: Aug 2012
Location: Chiang Mai, Thailand
Distribution: Kubuntu 12.10 x86_64
Posts: 192
Blog Entries: 2

Rep: Reputation: 22
You are double-posting. You are posting 2 times. But, I answered you on the first post.
 
Old 09-13-2012, 02:57 AM   #7
John VV
Guru
 
Registered: Aug 2005
Posts: 13,053

Rep: Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741Reputation: 1741
if you are going to configure "sudo"
then why even bother with adding the redundant su - afterword

if you only have one or two users then there is no real need to open the can of worms that " sudo" is

su = root user BUT with the NORMAL user $PATH
su - = root with root $PATH and IN the root $HOME folder
 
Old 09-13-2012, 02:58 AM   #8
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Original Poster
Rep: Reputation: 9
Hi evo2,

thanks for the reply, so that means running su - and sudo su - are same thing ?

Quote:
Originally Posted by evo2 View Post
Hi,

regarding it being a security issue, if you don't like it, then don't configure sudo in that way.

Evo2.
By this did you mean that i should not allow su to be run with sudo or something else ?
 
Old 09-13-2012, 03:02 AM   #9
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Original Poster
Rep: Reputation: 9
Quote:
Originally Posted by John VV View Post
if you are going to configure "sudo"
then why even bother with adding the redundant su - afterword

if you only have one or two users then there is no real need to open the can of worms that " sudo" is

su = root user BUT with the NORMAL user $PATH
su - = root with root $PATH and IN the root $HOME folder
Hi John,

I know the difference between su and su - , however my doubt is what is difference between issuing "su - " and "sudo su -" and why it does not prompt for root password while i issue the second command.
 
Old 09-13-2012, 03:05 AM   #10
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Original Poster
Rep: Reputation: 9
Quote:
Originally Posted by suttiwit View Post
You are double-posting. You are posting 2 times. But, I answered you on the first post.
I am sorry for posting twice, that was posted mistakely twice. However i think you did not get my question correctly because i was not asking about the su and sudo difference and i know for simply su you have to know the password of the user you are switching to and for sudo you have to provide yuor own password to validate that you are a valid sudoer.

My question is regarding specifically to su - and sudo su - and why no root password is being asked in second case and what is the difference between two commands.
 
Old 09-13-2012, 03:06 AM   #11
Rohit_4739
Member
 
Registered: Oct 2010
Distribution: Red Hat
Posts: 224

Original Poster
Rep: Reputation: 9
Hi Moderator,

Please remove this thread it was posted twice mistakenly. I aplolize for the inconvenince.
 
Old 09-13-2012, 10:01 PM   #12
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,434

Rep: Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192Reputation: 1192
Hi,
Quote:
Originally Posted by Rohit_4739 View Post
thanks for the reply, so that means running su - and sudo su - are same thing ?
No they are not the same thing, but the results are the same.
Quote:
By this did you mean that i should not allow su to be run with sudo or something else ?
What I mean is, if you don't want uses to be able to obtain a root shell, then don't configure your /etc/sudoers in a way that will allow it. It's up to you.

Evo2
 
Old 09-14-2012, 07:39 AM   #13
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,401

Rep: Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119
Blink...!

You are allowing the su command to be executed using sudo?!

"Pardon me, sir or madam, but are you -ing mad?!?! Hath thou taken utter and complete leave of thy senses? Your village just called and said that they've apparently misplaced their ..."

etcetera ... ... ... ...

... but my point is deadly-serious.

If you blithely allow that particular command-sequence to be executed, then anyone can become a god using their own password.
 
1 members found this post helpful.
Old 09-14-2012, 09:46 PM   #14
jefro
Guru
 
Registered: Mar 2008
Posts: 11,731

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
My opinion is that su is switch user. Blank name defaults usually to root so su Bob is different than su.

Sudo is run from my current user under root so that sudo su is run su as admin user. That is why it asks then for admin password. Rather an odd way to run su.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
What is difference between Power broker utility and sudo command. pinga123 Linux - Newbie 4 08-12-2011 03:34 AM
difference between sudo su and su - for X11 noir911 Linux - Server 2 02-03-2009 10:39 PM
su - / sudo difference acbenny Linux - General 6 08-05-2004 03:13 PM


All times are GMT -5. The time now is 02:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration