# why is sudo better?

## tomek32

I was just having this thought. Why is sudo recommended to use over su?

From what I've heard, the prime advantage of sudo is to keep people from always logging into root. But since sudo asks for the user's password, not root's, isn't it easier to use a hacked account to gain root access since the hacker would already have the user's password?

----------

## inode77

Sudo helps to keep a system more secure, because you don't have to tell your users the root pw.

Give them only the rights they really need, so if for some special reason one needs to execute a binary with root rights, you configure sudo and you won't need to give him the root pw.

----------

## tomek32

So basically sudo should only be used for needed restricted root access. It wouldn't be a good idea to give full root permissions through sudo?

----------

## 5xl

That is a misconception that sudo gives you root access. A properly configured sudo will only grant root access for some commands that a particular user needs to run. In effect, it just makes the user take more caution when using more powerful controls that are issued by the sys admin. However, most people just install sudo and forget it, forgetting to secure it. Most unix flavors that come with sudo do a pretty good job of giving you a default config...

----------

## tecknojunky

 *inode77 wrote:*   

> Sudo helps to keep a system more secure, because you don't have to tell your users the root pw.
> 
> Give them only the rights they really need, so if for some special reason one needs to execute a binary with root rights, you configure sudo and you won't need to give him the root pw.

 

```
tecknojunky@fiston ~ $ sudo -s
Password:
bash-2.05b# passwd
New UNIX password:
Retype new UNIX password:
passwd: password updated successfully
bash-2.05b# exit
exit
tecknojunky@fiston ~ $ su -
Password:
fiston root #
```

 :Exclamation:   :Question:   :Idea:   :Rolling Eyes: 

----------

## jondkent

All I can say to tecknojunky is that you need to sort out your sudoers file. There is no way on a _properly_ set up sudo environment that you can do that. On my systems if you try that you get

```
fred@aserver:fred:[14] sudo -s
Password:
Sorry, user fred is not allowed to execute '/bin/csh' as root on aserver.
fred@aserver:fred:[15]
```

Jon

----------
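The difference between the two transcripts above comes down to what each user's sudoers entry grants. As an added example (not posted by anyone in the thread), this Python sketch audits a constructed sudoers sample for rules that amount to full root; the user names are hypothetical, and it assumes no aliases, ignores Runas lists, and treats every `#` as a comment.

```python
import re

# Binaries that hand out an unrestricted root shell when run via sudo.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "su"}

# Constructed sample, not taken from any real host.
SAMPLE = r"""
Defaults env_reset
alice ALL=(ALL) ALL
bob   aserver = /usr/bin/lpc, /usr/sbin/lpadmin
carol ALL = NOPASSWD: /bin/bash, \
            /usr/bin/passwd
dave  ALL = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
"""

def audit(text):
    """Return (user, command, reason) for rules equivalent to full root."""
    findings = []
    text = re.sub(r"\\\n", " ", text)            # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # simplification: '#' = comment
        if "=" not in line or line.startswith("Defaults"):
            continue
        if "_Alias" in line.split()[0]:          # aliases are not expanded here
            continue
        who, rest = line.split("=", 1)
        user = who.split()[0]
        rest = re.sub(r"\([^)]*\)", "", rest)    # drop Runas lists
        for cmd in rest.split(","):
            # Strip tags such as NOPASSWD: or NOEXEC: in front of the command.
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", cmd).strip()
            if not cmd or cmd.startswith("!"):   # negated entries grant nothing
                continue
            path, _, args = cmd.partition(" ")
            name = path.rsplit("/", 1)[-1]
            if path == "ALL":
                findings.append((user, path, "may run any command"))
            elif name in SHELLS:
                findings.append((user, path, "grants a root shell"))
            elif name == "passwd" and not args.strip():
                # No argument pattern: 'sudo passwd root' is permitted.
                findings.append((user, path, "can reset root's password"))
    return findings

if __name__ == "__main__":
    for user, cmd, reason in audit(SAMPLE):
        print(f"{user}: {cmd} -> {reason}")
```
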

