There are many Linux commands which deal with sensitive information like passwords, system hardware, or otherwise operate under other exceptional circumstances. Preventing regular users from executing these commands helps to protect the system. Logging in as the root user provides administrative access, allowing for the execution of some of the privileged commands.
The su Command
su OPTIONS USERNAME
The su command allows you to temporarily act as a different user. It does this by creating a new shell. The shell is simply a text input console that lets you type in commands. By default, if a user account is not specified, the su command will open a new shell as the root user, which provides administrative privileges. After executing the su command, a password is required. Note the command prompt has changed to reflect that you are now logged in as the root user. To logout and return to the sysadmin account, use the exit command. Note the prompt changes back:
To avoid executing any sensitive commands, we’ve configure the Steam Locomotive command, the sl command, to require administrative access. If the command is executed as sysadmin, it fails. Use the su command to switch to the root account and execute the sl command with administrative access:
The sudo Command
sudo [OPTIONS] COMMAND
The sudo command allows a user to execute a command as another user without creating a new shell. Instead, to execute a command with administrative privileges, use it as an argument to the sudo command. Like the su command, the sudo command assumes by default the root user account should be used to execute commands.
Execute the sl command as the root user by putting sudo in front of it:
Once the command has completed, notice the prompt has not changed, you are still logged in as sysadmin. The sudo command only provides administrative access for the execution of the specified command. This is an advantage as it reduces the risk that a user accidentally executes a command as root. The intention to execute a command is clear; the command is executed as root if prefixed with the sudo command. Otherwise, the command is executed as a regular user.
