Learn the best practices with SU and SUDO
For security reasons, root is disabled by default with our Linux Cloud Virtual Servers (Cloud Servers). This guide will explain how to use SU and SUDO.
Note: if you need to gain access to the root user, this guide explains how to enable the root user on Linux.
Understanding the Difference
- su (substitute user): Switches your entire terminal session to the root user.
- sudo (superuser do): Allows you to run a single command with elevated privileges (like root) without switching users.
Always Prefer sudo
- Security: sudo offers more granular control. You execute specific commands, minimizing risk.
- Logging: sudo logs your commands with timestamps and usernames, enhancing accountability.
- Efficiency: sudo keeps you in your user environment, reducing context switching.
When (reluctantly) to use su
- Root Shell Scripts: If a script requires a full root shell environment (rare), use
sudo su -
(avoidsudo su
for logging reasons).
Best Practices
- Minimize Root Access: Use root only when absolutely necessary.
- Command-Specific Permissions: Grant sudo access for specific commands users need, not blanket root access.
- Strong Root Password: If using su, ensure a complex and unique root password.
- Least Privilege: Give users the minimum permissions required for their tasks.
- Regular Auditing: Monitor sudo logs to identify suspicious activity.
Example (Using sudo)
sudo apt update && sudo apt upgrade # Update package lists and upgrade securely
Example (Script with sudo su – ; Not recommended):
sudo su - <<SCRIPT # Not ideal, but demonstrates root shell script usage
# Root shell commands here
SCRIPT
Remember: With root privileges comes great responsibility. Use them cautiously and follow these best practices to maintain a secure system.