Su vs Sudo: differences and configuration

Isaac

3 minutes

Cartoon about the power of sudo when executing orders

Another article about his vs. sudo. The su program is widely used in Unix-like operating systems to access as root and obtain the necessary permissions to execute other commands from the terminal and even certain programs with a graphical user interface have extensions that graphically ask for this password when necessary.

As you know, su is the acronym for "substitute user" (change user) or super user (super user), there are several opinions. Be that as it may, this is not really important about your business. The good thing is that it allows us total control after entering the root password and making many modifications and system administration that without the privileges we would not be allowed.

su –c “comando”

The other utility is sudo (super user do), which is very similar to su but with some restrictions. However, despite being more restrictive and not giving you total control, it is less secure and its use is always advised in a controlled manner and when the work we want to do does not allow us to execute without privileges.

Sudo was written by Bob Coggeshall and Cliff Spencer in the eighties, when they were in the computer science department at New York University. It is currently maintained by one of the OpenBSD developers, Todd c. Miller in collaboration with Chris Jepeway and Aaron Spangler. It is compatible with different operating systems, such as GNU / Linux, BSD and derivatives and Mac OS X, ...

Versions have been published over the years modified and improved of sudo so that it works in the best possible way and is as secure as possible. The way to use it is similar to su, you type it and enter the password to obtain the privileges momentarily (grace period), but the root password is not needed, only the user's password.

sudo “comando”

By allowing get privileges to any user, sudo is less advisable and insecure than su, as we have said, but it can be faster or more practical in certain respects. For this reason, not all distributions integrate it. If you want sudo to be more secure, you can modify the sudoers file found in the / etc directory. This is how you will eliminate the "grace period" for an ingrate to use it for evil:

sudo nano /etc/sudoers

And at the end you write the following store, respecting spaces, upper and lower case and without making mistakes, then save the document and you're done:

Defaults:ALL timestamp_timeout=0

The file / Etc / sudoers It contains a list of users who are allowed to run or not certain programs and files. With another program or command called "visudo" we can further modify the / etc / sudoers file. You can get more information about him by consulting his manual. The good thing about visudo is that it edits the file without risks.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Walter White said
    ago 10 years

    The article is almost excellent, I just don't know what "beer" means, I think he meant: "beer";)

    Reply to Walter White
  2.   Pepe Matthias said
    ago 10 years

    Man, that that any user can access root privileges is not true, the user has to have administrator rights, if I do not give those rights sudo will not work.

    Reply to Pepe Matias
  3.   Jose said
    ago 4 years

    What a mess of an article, they have no idea what they're talking about.
    I doubt they have ever seen a * nix terminal in their lives.

    Reply to Jose