Skip to main content
blanco750

1 year ago

sudo su - and su -

Hello,


quick question please. Whats the difference between sudo su - and su -

Thanks,

Babar

Image of kennyarmstrong
kennyarmstrong
1 year ago
If you are a regular user (that does not have elevated privileges) then you will not be able to run 'su - ' by itself to switch to another user's account.  The root user, however, does have this capability.  So if a regular user account wants to switch to another user account, they have to prepend the command with 'sudo' (provided that they have permissions in the sudoers file to do so).

So 'sudo su - ' gives a regular user the abilty to run the 'su' command as if they were the root user.
Image of mchristian
mchristian
1 year ago
To elaborate a little on Kenny's reply, if you were to run both of those commands as is, you would get a password prompt.  Using just `su -` is going to prompt you for the root password, however `sudo su -` will prompt for your user password (assuming you have sudo perms).  Both commands can be used to "su up" to the root user.
Image of americanada
americanada
1 year ago
Further to this, even the - (dash) is optional - invoking it will drop you into root's home; omitting it will leave you in the directory you are currently in.  There are some other things the dash does as well but that's further reading.
Image of blanco750
blanco750
1 year ago
Thanks all of you .  so one further question :)
not allowing ordinary user ssh to a server as root@xyz and  then allowing sudo su - to become root , what's the difference . A couple of years ago our engineering team changed how we used to connect to servers by not allowing root user directly ssh( not sharing root password) ; instead they created some adminuser to ssh . I was told that its for increaed security so someone doesn't accidently delet files etc. If an ordinary user can switch to root as sudo su - then what was the wisdom behind what they did or even we do in lab servers.
Thanks !

Babar
Image of americanada
americanada
1 year ago
Letting people login as root is that means that more people know the root password and have more than one way of logging in to the system. By making folks login as themselves, I have a little more control over what they can and cannot do - i.e. if I decide someone no longer deserves root, I can simply take them out of wheel - or lock their account - and I don't have to worry about changing root's password.