As we know Linux provides much better security. You can set user management policy and user permissions so normal users can't authenticate the critical system processes. If you want your other users can perform such actions, you will need to use su or sudo commands.
What is 'su'?
For the Linux system, su will force you to share your root password with another user.
What is ‘sudo’?
In Linux, sudo is a root binary setuid. It can run the root commands for authorized users. Whenever users run the sudo, they will need to type their own password to execute the command.
To add or remove the list of sudo user, you can run below command
# sudo /usr/sbin/visudo
By default, sudo string will be looked as below.
# root ALL=(ALL) ALL
How to grant sudo access
It is very Dangerous to grant ALL=(ALL) ALL permission to users except you know that listed users.
root ALL=(ALL:ALL) ALL admin ALL=(ALL:ALL) ALL
Instead of that, you can configure your sudo user more precisely by providing the limited command permission. For that, you can use the below line.
User_name Machine_name=(Effective_user) command
Following are all divided parts of the above line.
- User_name: Name of sudo user .
- Machine_name : Hostname of server.
- (Effective_user) : Users which are allowed to execute command.
- command : Commands or set of commands which can sudo users perform .
Facing an issue with su user? Please refer to SU > Enable Cagefsctl for more details.