What is different between root and sudo?
The su
(and sudo) command traditionally require root's password. However, you can setup sudo
so that ordinary users can achieve root privileges with their own password by modifying /etc/sudoers
(as root, preferably with visudo
).
Modern Linux distributions preconfigure the first user to be able to sudo with her own password. This prevents accidental system malconfiguration by the user, and enables them to gain full control without the need of a separate root password.
A normal user can only gain root access with sudo if they are in the sudoers file (meaning they are trusted enough to gain admin permissions on demand). In a production environment, almost nobody should be a sudoer.
The su
command it to temporary change an identity to any user on a system and execute many programs with his/her/its permissions. It doesn't have to be the root. If the user executing su
isn't the root, he have to enter the password of the user he want get identity.
The sudo
command is to execute one command with permissions of any user. It doesn't have to be the root too. The command is very configurable and provide some kind of precise access control. The entering own password is optional and configurable. Some distribution let the first user of the system to execute with sudo
everything.