1

I was trying to understand why "su" fails and "sudo " is successful.

So, since the root account is disabled by default, the "su" command fails. fair enough.

But the thing that I can't get my grip on is the following:

When a user is trying to execute a command with root privileges a "sudo" is required. I would expect the prompt password to be asking for the "root password" (which at this point, by default, is not set) - as the root privileges are about to be given temporarily to the user.

However, what actually happens is that the user is asked to enter his own password. Could someone explain the logic in this process?

Yaniv G
  • 137

1 Answers1

13

Any user that has been granted permissions by a system administrator can use the sudo command to perform actions with root privileges. su, on the other hand, can be accessed only by users knowing the password of the target account.

  • sudo allows a privileged user to execute a command as another user. If no user is specified, then that other user will be root. The user needs to give his/her password. The security system then checks whether that user has permission to act as root.
  • su allows to temporarily become another user to execute commands. If no user is specified, then the user will be root. Thus, the password of the target user needs to be entered. On Ubuntu, a su to become root will not work, because the root account is by default not enabled - you can't login to it. You can however open a root shell with sudo -i, if you have the priviledges. This way, you run a shell with root privileges without being logged in to a root account.

The first user created on a freshly installed Ubuntu system, user 1000, automatically is allowed to use sudo to gain root privileges. Any other user must explicitly be granted "sudo" permissions by a user that already has such permissions. Users without such permission will not be able to use sudo to execute commands with root privileges.

vanadium
  • 97,564