Pinterest Stumbleupon Whatsapp
Ads by Google

Linux has a lot of security measures in place that are meant to protect your system from threats and sometimes (admittedly) our own stupidity. There are three main features that exist to limit and provide access as needed — file permissions, file ownership, and the root user account.

Although widely known as the super user account, SU actually refers to substitute user, and instructs the computer to execute commands with the file permissions of another user, by default the root account. This shortcut is a powerful tool that can be very helpful when used correctly or absolutely devastating if used recklessly.

Today, we’re going to go into deeper detail about SU and why you should be responsible when using it.

Admin Accounts

system_admin
All of the major operating systems have the concept of an administrator account, offering heightened privileges compared to otherwise “normal” user accounts. Normal users have access to their own files, but not other users’ files and only read-only access to system files so that they can run installed applications.

Administrators, on the other hand, can change system files, which includes installation of new or updated applications, and can (usually) see other users’ files.

Simple enough, right? Sure, the concepts are quite easy to understand, but it has further-reaching implications than just that. Administrators, who assumedly know more about what they’re doing, can make more major changes to a system without it breaking or leaking sensitive data. Normal users without these permissions cannot perform these tasks, so there’s little chance that those users will break the system.

Ads by Google

On most systems with just one user, that user is often the administrator and can do whatever they want with their computer. This is a hierarchy of one, so no third party needs to be present as administrator. However, whenever users have access to these system privileges all the time, they tend to use them blindly, simply accepting requests for admin rights without thinking it through.

The Super User Account On Linux

Linux takes a different approach to handling these administrative privileges. Instead of assigning admin rights to user accounts, Linux separates these into two different accounts: the SU account (sometimes called root) and then your normal user account. The idea is that if you need to do something that requires elevated privileges, you can use the SU command and do whatever you need to do.

At least psychologically speaking, this method forces you to realize that you’re doing something more serious to your system as it won’t let you do it without using SU.

To switch, you just need to open up a terminal and type in

su

It will then ask for the root password to grant you access. If you use sudo, you can also run

sudo bash

which will open up bash (simply another instance of the terminal) but on behalf of the root.

linux_su_bash

SU Benefits

Separating these accounts also helps with managing systems. If a system administrator needs access to the system to make changes, but they aren’t a regular user, they just need to use SU and they won’t have to make a normal user account. These accounts can have different passwords, so only people trying to switch with SU and know the password will get in.

The root account is really powerful, so it should feel like a big deal if you need to switch into it. As root, you can delete your entire system in one terminal command 9 Lethal Linux Commands You Should Never Run 9 Lethal Linux Commands You Should Never Run You should never run a Linux command unless you know exactly what it does. Here are some of the deadliest Linux commands that you'll, for the most part, want to avoid. Read More . As a normal user, it wouldn’t let you do that because you don’t have access to modify any files outside of your home folder. Any damage that you do as a normal user stays contained within that domain — it doesn’t affect the system or any other users.

linux_no_malware
It’s also a great defense mechanism against malware. If it happens to get on your system and execute, it will have the same permissions as your normal user account. It could only gain additional rights if it knew the root password. So while it could destroy your space on the system, it cannot bring down the entire system. On rare occasions, bugs are found where software could gain root access in ways that they’re not supposed to, but those bugs usually get patched up in just a couple days.

SU vs. Sudo

Having to use SU can be a bit annoying for some, so the sudo command was invented. Short for “SU do”, this command can prefix any other command An A-Z of Linux - 40 Essential Commands You Should Know An A-Z of Linux - 40 Essential Commands You Should Know Linux is the oft-ignored third wheel to Windows and Mac. Yes, over the past decade, the open source operating system has gained a lot of traction, but it’s still a far cry from being considered... Read More that you want to run as root while still logged in as your normal user. The SU just needs to place your normal user account in the “sudoers” group, and then you’re allowed by the system to use the sudo command. All it requires is that you type in your normal user password before the command executes. Of course, you’ll also need to learn what commands 4 Ways to Teach Yourself Terminal Commands in Linux 4 Ways to Teach Yourself Terminal Commands in Linux If you want to become a true Linux master, having some terminal knowledge is a good idea. Here methods you can use to start teaching yourself. Read More you need to put in front of sudo.

Some distributions prefer to use sudo and then disable SU because a normal user using sudo isn’t actively using elevated privileges all the time, unlike someone using the SU command. It also tries to avoid the problem of zero-day security holes that allow unintended root access because the command is disabled to begin with. Finally, by using sudo, the malware would have to guess the user’s password before it could gain elevated privileges.

The problem with sudo, however, is the same as on other operating systems. Users with access to sudo tend to use it blindly and without much additional thought. Again, this is usually fine for systems that are only used by a single user anyways, or systems with a small amount of users with an even smaller amount of them with sudo access. But larger systems should probably leave sudo alone and stick with just SU and normal accounts.

Security In Mind

So, quick review: SU is great because it encourages less mistakes, but it’s still powerful and should only be used by the right people (depending on what system you’re using). Sudo helps bridge the gap between root and normal users, but it has its theoretical downsides. What you end up doing is up to you (that’s the beauty of Linux!), but it definitely helps you make better choices when you’re informed.

Don’t forget to check out some other useful Linux tips 10 Mistakes That Make You Sound Like a Rookie Linux User 10 Mistakes That Make You Sound Like a Rookie Linux User How can you tell when you're not a Linux rookie anymore? Check out these mistakes rookies make, and see if you've made any of them recently. If you have, don't worry! Read More as well as Linux lingo Is Linux Confusing? Here Are The Key Terms You Need To Know Is Linux Confusing? Here Are The Key Terms You Need To Know These days, Ubuntu and other modern Linux distributions usually install without a hitch (and without requiring any knowledge), but as you move forward using them, you will inevitably come across all sorts of terminology that... Read More so that you’re up to snuff!

What do you think about SU and Sudo? Is there anything you would change to improve permissions and security? Let us know in the comments!

Image Credits: Security guard via Shutterstock, Ditty_about_summer via Shutterstock.com, Sergii Korolko via Shutterstock.com

  1. Jason Sandys
    August 31, 2015 at 8:25 pm

    Nice article except for trying to draw a correlation between the su command the Super User by using SU (capitalized). The su command stands for "substitute user" and can be used to switch any user not just the root account thus drawing this connection is inaccurate and misleading. Also the sudo command is not derived from "su do", it's a play on the word "psuedo".

    • Howard Blair
      August 31, 2015 at 8:33 pm

      Unfortunately, there's no such word as "psuedo." The word meaning fake is "pseudo." :)

    • Mihir Patkar
      August 31, 2015 at 8:49 pm

      Already fixed, Jason :) Thanks for the comment though, we appreciate readers who keep us on our toes!

Leave a Reply

Your email address will not be published. Required fields are marked *