Learn the difference between su and sudo. By learning difference you will be able to judge which one is best suited for your requirement of access management.
Granting access of someone’s account to someone is a security threat and should be handled cautiously. Its a part of access management and one should which is the best fit tool for his requirement.
The first question will be why to give someone else’s access to another account?
There are situations like when a normal user needs a superuser privilege to run few commands only maybe during installation or configuration of his application. Sometimes a normal user needs to execute some database related tasks which will need access to DB privileged account. So, there are situations arises in which one user need an access of some other user’s privilege (normally superuser access).
What are available ways to share account access?
- Very obvious way and too risky is to share password of another account which generally not at all suggested and implemented in production environments.
- Use sudo to define access to specific commands as a different user
- Use su to switch to another account
Difference between su and sudo :
sudo aims at allowing only a few commands (specified in configuration) to run as a different user with their level of access whereas su directly takes you to a different user account so that you have complete access which is owned by that account.
sudo executes commands while the environment of current user loaded. With su you can load complete environment of destination account.
So su opens up Pandora box to you! Once you are into different user’s account, you can do whatever you want using that account with its level of access. Imagine if it’s a superuser account, you have full access to the system. This is dangerous! Since system administrator has no control which command you execute as a different user.
On another hand, sudo allows only specific commands to be executed as a different user with its level of access. This limits your use as a different account and system administrator has complete control over tasks you perform using other account’s level of access.
In a sentence, we can say that sudo awards superuser ability to the normal user without logging into superuser account while su is logging into superuser accounts to get that level of access.
Hence, its always advisable to use sudo for access management than su. SU will be best fitted only in case you trust user getting access won’t misuse it & that user also well aware that what he is doing on the system.