sudo su - and su -

Hello,

quick question please. Whats the difference between sudo su - and su -

Thanks,

Babar
  • post-author-pic
    Kenneth A
    09-28-2018

    If you are a regular user (that does not have elevated privileges) then you will not be able to run 'su - ' by itself to switch to another user's account.  The root user, however, does have this capability.  So if a regular user account wants to switch to another user account, they have to prepend the command with 'sudo' (provided that they have permissions in the sudoers file to do so).


    So 'sudo su - ' gives a regular user the abilty to run the 'su' command as if they were the root user.

  • post-author-pic
    Michael C
    09-28-2018

    To elaborate a little on Kenny's reply, if you were to run both of those commands as is, you would get a password prompt.  Using just `su -` is going to prompt you for the root password, however `sudo su -` will prompt for your user password (assuming you have sudo perms).  Both commands can be used to "su up" to the root user.

  • post-author-pic
    Mike C
    09-28-2018

    Further to this, even the - (dash) is optional - invoking it will drop you into root's home; omitting it will leave you in the directory you are currently in.  There are some other things the dash does as well but that's further reading.

  • post-author-pic
    blanco750
    09-28-2018

    Thanks all of you .  so one further question :)  

    not allowing ordinary user ssh to a server as root@xyz and  then allowing sudo su - to become root , what's the difference . A couple of years ago our engineering team changed how we used to connect to servers by not allowing root user directly ssh( not sharing root password) ; instead they created some adminuser to ssh . I was told that its for increaed security so someone doesn't accidently delet files etc. If an ordinary user can switch to root as sudo su - then what was the wisdom behind what they did or even we do in lab servers. 
    Thanks !

    Babar

  • post-author-pic
    Mike C
    09-28-2018

    Letting people login as root is that means that more people know the root password and have more than one way of logging in to the system. By making folks login as themselves, I have a little more control over what they can and cannot do - i.e. if I decide someone no longer deserves root, I can simply take them out of wheel - or lock their account - and I don't have to worry about changing root's password.

Looking For Team Training?

Learn More