Arch Linux

r0llingthund

Member

Registered: 2011-04-09

Posts: 15

su or sudo?

I understand they both give me root privileges (su = till I exit; sudo = only for that command)

Is there a downside to using su and doing some commands and then exiting the su, rather than using sudo in front of some of your commands?
Am I missing some obvious difference, or is it just matter of preference?

pivotraze

Member

From: Missoula, MT

Registered: 2011-08-21

Posts: 113

Re: su or sudo?

Su makes it easier for multiple commands, like when you know you will have to enter many:

EXAMPLE (I had to do this every time before I installed netcfg):
[you@yourmachine]$  su
[password]
[root@yourmachine]$ iwconfig rate wlan0 5.5M fixed
[root@yourmachine]$ wpa_supplicant -B -Dwext -iwlan0 -c /etc/wpa_supplicant.conf
[root@yourmachine]$ dhcpcd wlan0

Sudo is simple for one code things:

EXAMPLE:
[you@yourmachine]$ sudo pacman -S gnome gnome-extra chromium thunderbird
[password]

I personally prefer sudo for one liners, and su for multi-liners. It really is preference though... I think

Last edited by pivotraze (2011-08-24 02:51:29)

---

NetGUI

r0llingthund

Member

Registered: 2011-04-09

Posts: 15

Re: su or sudo?

That was what I thought. I just was making sure what was in my head was right.

Thank you

stlarch

Member

From: hell

Registered: 2010-12-25

Posts: 1,265

Re: su or sudo?

Sudo is also sort of like a safety net, allowing only temporary root privileges and making it less likely for you to accidentally hose your system.

Wintervenom

Member

Registered: 2008-08-20

Posts: 1,011

Re: su or sudo?

Su makes it easier for multiple commands, like when you know you will have to enter many:

sudo -sH

pivotraze

Member

From: Missoula, MT

Registered: 2011-08-21

Posts: 113

Re: su or sudo?

Su makes it easier for multiple commands, like when you know you will have to enter many:

sudo -sH

Ah, I learnt something new today!

---

NetGUI

Larsson

Member

From: Sweden

Registered: 2010-03-22

Posts: 156

Re: su or sudo?

man sudo -> sudo, sudoedit - execute a command as another user
man su -> su - run a shell with substitute user and group IDs

---

"If the person you are talking to doesn't appear to be listening, be patient. It may simply be that he has a small piece of fluff in his ear." - A.A. Milne (Winnie-the-Pooh)

fredo1664

Member

From: Ireland (but I'm French)

Registered: 2011-08-09

Posts: 29

Re: su or sudo?

sudo also allows you to define exactly what command(s) each user is allowed to run with root privileges. I suppose you only have one user account on your box (you), but if you had for example 3, you could decide that one can run everything as root (typically you), another one is only allowed to run pacman -or mount or eject or whatever-, and the third one is not allowed to run any command as root... with sudo, there is no need to give the second one the root password, which is safer.

---

I'm French and French people can't speak English, so please please please excuse the terrible English!

SanskritFritz

Member

From: Budapest, Hungary

Registered: 2009-01-08

Posts: 1,924

Website

Re: su or sudo?

The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.

---

zʇıɹɟʇıɹʞsuɐs AUR || Cycling in Budapest with a helmet camera || Revised log levels proposal: "FYI" "WTF" and "OMG" (John Barnette)

Ramses de Norre

Member

From: Leuven - Belgium

Registered: 2007-03-27

Posts: 1,289

Re: su or sudo?

The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.

You can easily turn that off.

fredo1664

Member

From: Ireland (but I'm French)

Registered: 2011-08-09

Posts: 29

Re: su or sudo?

The reason I don't use sudo is that any script can issue a sudo and if the timing is lucky (within a previous sudo call timeout) it can get root rights immediately. This scares me.

You can easily turn that off.

wiki.

---

I'm French and French people can't speak English, so please please please excuse the terrible English!

Awebb

Member

Registered: 2010-05-06

Posts: 6,298

Re: su or sudo?

This only applies to the same shell in which you ran sudo. Another shell, another auth.

falconindy

Developer

From: New York, USA

Registered: 2009-10-22

Posts: 4,111

Website

Re: su or sudo?

This only applies to the same shell in which you ran sudo. Another shell, another auth.

Assuming that's how sudo is configured... (tty_tickets option in sudoers).

---

blog | ±github

SS4

Member

From: !Rochford, Essex

Registered: 2010-12-05

Posts: 699

Re: su or sudo?

sudo comes in handy when you want to run as a different user rather than simply root. For example I use sudo to search the AUR as user if I'm logged in as root.

I personally like to have a bash shell open as root and one or more as user. It is better to use sudo if you cannot guarantee the physical security of the computer.

---

Rauchen verboten

Inxsible

Forum Fellow

From: Chicago

Registered: 2008-06-09

Posts: 9,183

Re: su or sudo?

For example I use sudo to search the AUR as user if I'm logged in as root

Why?? You don't need elevated permission to search AUR. Hell, even official repos can be searched with pacman without sudo.

---

Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

chemicalfan

Member

From: United Kingdom

Registered: 2011-05-25

Posts: 58

Re: su or sudo?

su -c can be used in place of sudo, I'm not sure of the techincal details, but it doesn't rely on the sudo package (although many scripts do, so you still need them)

ANOKNUSA

Member

Registered: 2010-10-22

Posts: 2,141

Re: su or sudo?

Sudo also allows for a finer degree of administrative control, letting you grant certain commands user privileges with visudo (shutdown, restart, pm-suspend, ifconfig, hwclock, etc.).  Assuming you're not using a full DE, it's useful if you want to set such relatively benign commands to keybindings, aliases or a clickable icon on a panel.

---

Linux != Windows  ::  Ask Questions the Smart Way  ::  Configs

SS4

Member

From: !Rochford, Essex

Registered: 2010-12-05

Posts: 699

Re: su or sudo?

For example I use sudo to search the AUR as user if I'm logged in as root

Why?? You don't need elevated permission to search AUR. Hell, even official repos can be searched with pacman without sudo.

I meant more for searching and then building from AUR since I believe it's unwise to call makepkg as root

---

Rauchen verboten

pivotraze

Member

From: Missoula, MT

Registered: 2011-08-21

Posts: 113

Re: su or sudo?

That's what the wiki says SS4. That it's unwise to makepkg as root. I just make sure to always run makepkg -s whenever I do haha

---

NetGUI

olive

Member

From: Belgium

Registered: 2008-06-22

Posts: 1,490

Re: su or sudo?

Sudo also allows for a finer degree of administrative control, letting you grant certain commands user privileges with visudo (shutdown, restart, pm-suspend, ifconfig, hwclock, etc.).  Assuming you're not using a full DE, it's useful if you want to set such relatively benign commands to keybindings, aliases or a clickable icon on a panel.

That's true. But I think that if security is really important, it is generally a bad idea to let users run commands as root. It open a hole when we could escalating it to have full root access. User commands that need root access usually have the suid bit set and can be run without sudo. Usually these commands only run a small partion of themselves with root access and drop root privilege afterwards. This small portion of code is double,tripled-checked.

For example letting a user to run pacman as root allow him easily to have full root access (just install a custom made package that overwrite /etc/passwd).

Last edited by olive (2011-08-24 22:08:50)