Permissions, Sudo, Su – Why Can’t I Use su Due to Password Authentication Failure When sudo Works


When I try using a command with sudo everything works fine; however, if I want to log in as the superuser using su, it doesn't let me. Why?

Best Answer

What is happening?

To change (switch) users using the su command, you must provide the password of the target user; that's how it works. With sudo, however, you can use your own password.

For example, if you use the su - command to switch to the root user, you have to use root's password. By default, root does not have any password and its account is also disabled.

What is the difference?

So with su we are giving away a single password to all users who need to switch to the target user; sudo exists to overcome this problem.

We set up a file named sudoers and within it we define who can do what. By providing their own password to the sudo command, users confirm that it is really them trying to run a command, and the system can verify the user and the commands they are allowed to use.

What can I do?

You can use sudo -i to switch to root with its default shell as a login shell, sudo -s for a non-login shell, or even the old-school sudo su - (a login shell again).


Extra information

You can also use sudo -l to see what privileges you have: for example, whether you have the right to switch to root or to user bob, or to run a specific command as john on a specific machine.

To clarify about the root account:
On an Ubuntu machine, by default the root account does not have any password and at the same time the account is disabled. When you disable an account, an exclamation mark "!" is added in front of its password hash, so no one can log in to that account, whether it has a password or not.

$ sudo grep root /etc/shadow
root:!:2020:0:99999:2:::

This means root does not have any password (the second field, delimited by ':', is empty apart from an exclamation mark) and at the same time it is disabled: pay attention to the !.
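
As an added example (not part of the original answer), this shell function reads the second field of a shadow line the way the answer describes and reports whether the entry is locked and whether a hash sits behind the lock. Every sample line except the root entry quoted above is constructed, and the state names are this example's own labels.

```shell
#!/bin/sh
# Added example: classify the password field (2nd ':'-delimited field)
# of one /etc/shadow line. State names are this example's own labels.
shadow_state() {
    line=$1
    case $line in
        *:*) ;;
        *) echo "malformed"; return 1 ;;
    esac
    user=${line%%:*}          # text before the first ':'
    rest=${line#*:}           # everything after the first ':'
    field=${rest%%:*}         # the password field itself

    # A leading '!' (some systems write '!!') marks the entry as locked.
    case $field in
        '!'*) locked=1; hash=${field#'!'}; hash=${hash#'!'} ;;
        *)    locked=0; hash=$field ;;
    esac

    case $hash in
        '')  [ "$locked" -eq 1 ] && state=locked-no-password || state=empty ;;
        '*') state=no-login ;;
        *)   [ "$locked" -eq 1 ] && state=locked-with-hash || state=password-set ;;
    esac
    printf '%s %s\n' "$user" "$state"
}

# Audit a shadow-format stream on stdin; flag entries that deserve a look.
audit_shadow() {
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        result=$(shadow_state "$entry") || { echo "skip: malformed line"; continue; }
        case $result in
            *' empty')        echo "$result  <- no password required" ;;
            *' password-set') echo "$result  <- su with this user's password works" ;;
            *)                echo "$result" ;;
        esac
    done
}

# First line is the entry from the answer; the rest are constructed samples.
audit_shadow <<'EOF'
root:!:2020:0:99999:2:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
```

On a real system, feed it the file with sudo cat /etc/shadow | audit_shadow; a root entry reported as locked-no-password is the default state the answer describes, which is why su - fails there.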
