Learn difference between su and sudo. By learning difference you will be able to judge which one is best suited for your requirement of access management.
Granting access of someone’s account to someone is security threat and should be handled cautiously. Its a part of access management and one should which is the best fit tool for his requirement.
First question will be why to give someone else’s access to other account?
There are situations like when normal user needs a superuser privileges to run few commands only maybe during installation or configuration of his application. Sometimes normal user needs to execute some databse related tasks which will need access to DB privileged account. So, there are situations arises in which one user need an access of some other user’s privilege (normally superuser access).
What are available ways to share account access?
- Very obvious way and too risky is to share password of other account which genrally not at all suggested and implemented in production environments.
- Use sudo to define access to specific commands as different user
- Use su to switch to other account
Difference between su and sudo :
sudo aims at allowing only few commands (specified in configuration) to run as different user with their level of access whereas su directly takes you to different user account so that you have complete access which is owned by that account.
sudo executes commands while environment of current user loaded. With su you can load complete environment of destination account.
So su opens up Pandora box to you! Once you are into different user’s account, you can do whatever you want using that account with its level of access. Imagine if its a superuser account, you have full access to system. This is dangerous! Since system administrator has no control which command you execute as a different user.
On other hand, sudo allows only specific commands to be executed as different user with its level of access. This limits your use as a different account and system administrator has complete control over tasks you perform using other account’s level of access.
In a sentence we can say that sudo awards superuser ability to normal user without logging into superuser account while su is logging into superuser accounts to get that level of access.
Hence, its always advisable to use sudo for access management than su. SU will be best fitted only in case you trust user getting access wont misuse it & that user also well aware that what he is doing on system.