SU will be best fitted only in case you trust user getting access won’t misuse it & that user also well aware that what he is doing on the system. Hence, its always advisable to use sudo for access management than su. In a sentence, we can say that sudo awards superuser ability to the normal user without logging into superuser account while su is logging into superuser accounts to get that level of access. This limits your use as a different account and system administrator has complete control over tasks you perform using other account’s level of access. On another hand, sudo allows only specific commands to be executed as a different user with its level of access. This is dangerous! Since the system administrator has no control which command you execute as a different user. Imagine if it’s a superuser account, you have full access to the system. So su opens up Pandora box to you! Once you are into different user’s account, you can do whatever you want using that account with its level of access. With su you can load the complete environment of the destination account. Sudo executes commands while the environment of current user loaded. Sudo aims at allowing only a few commands (specified in configuration) to run as a different user with their level of access whereas su directly takes you to a different user account so that you have complete access which is owned by that account. Use sudo to define access to specific commands as a different user.Very obvious way and too risky is to share the password of another account which generally not at all suggested and implemented in production environments.What are available ways to share account access? So, there are situations that arise in which one user needs access to some other user’s privilege (normally superuser access). Sometimes a normal user needs to execute some database-related tasks which will need access to DB privileged account. There are situations like when a normal user needs a superuser privilege to run a few commands only maybe during installation or configuration of his application. The first question will be why to give someone else’s access to another account? ‘su’ Vs ‘sudo’ ‘su‘ forces you to share your root password to other users whereas ‘sudo‘ makes it possible to execute system commands without root password. Its a part of access management and one should which is the best fit tool for his requirement. NOTE This article is more applicable to Ubuntu based distributions, but also applicable to most of the popular Linux distributions. Granting access to someone’s account to someone is a security threat and should be handled cautiously.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |