[Linux] Differences between the su, su -, and sudo commands

대끄블 2023. 1. 12. 10:50

Before explaining how the commands differ, here is a brief introduction to the root user.

Working as the root user means you have the following privileges:
· Remove any or all files
· Change the permissions of any or all files
· Change the runlevel of the system
· Alter user accounts
· Mount or unmount filesystems
· Remove or install software
· Create, remove, and alter file systems
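As this list shows, the root user is an all-powerful administrative account that can do anything to the system. Errors made as the root user cannot be undone and can be critical to the system.

On *nix, using su is the same as logging in to the terminal as root.
As an alternative to working as the root user in this way, you can use sudo.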

 

su(switch user)

Switches to a specific user; the password of the user you are switching to is required.

--Currently logged in as the gbl user
[gbl@test ~]$ su
Password: 
[root@test gbl]# id
uid=0(root) gid=0(root) groups=0(root)

--The session stays in the gbl user's home path
[root@test gbl]# pwd
/home/gbl

--Naturally, the .bash_profile here does not apply the root user's environment variables either
[root@test gbl]# cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH

 

su -

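The (-) switch is used to switch users together with the target user's path and environment variables.
The (-) switch is equivalent to logging in to the system directly as that user account.

Because the sudo policy is defined in /etc/sudoers, it provides strong privilege control. sudo can do everything su can, so using the sudo command rather than the su command is recommended wherever possible.

--Currently logged in as the gbl user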
[gbl@test ~]$ su -
Password: 
Last login: Sat Jul  3 08:12:07 KST 2021 on pts/0
[root@test ~]# id
uid=0(root) gid=0(root) groups=0(root)

--The session lands in the root user's home path
[root@test ~]# pwd
/root

--A login with the root user's .bash_profile applied
[root@test ~]# cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH

alias sutest='cd /test'

--Confirmed by the alias from the root user's .bash_profile working without problems
[root@test ~]# sutest
[root@htest test]#

 

sudo(superuser do)

sudo is a command that runs an elevated prompt without having to change identity. Depending on the settings in the /etc/sudoers file, you can run a single command as root or as another user.
Use sudo -i to move into an interactive session as root.

--Currently logged in as the gbl user
[gbl@test ~]$ sudo cat .bash_profile
[sudo] password for gbl: 
gbl is not in the sudoers file.  This incident will be reported.

--Configuring the sudoers file
[root@test ~]# visudo -f /etc/sudoers
...
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
gbl     ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
"/etc/sudoers.tmp" 121L, 4345C written
[root@test ~]# 
[root@test ~]# 
[root@test ~]# exit
logout

--Using the sudo command; likewise, the root user's path and environment variables are not applied
[gbl@test ~]$ sudo pwd
/home/gbl
[gbl@test ~]$ sudo cat .bash_profile
[sudo] password for gbl: 
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH
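
The sudoers excerpt above gives gbl and %wheel unrestricted root access, which is where a review of /etc/sudoers usually starts. The script below is an added example, not part of the original post: it flags entries that grant all commands or use NOPASSWD. The function names and the deploy/backup entries are constructed, and the simplified parser ignores aliases and line continuations.

```bash
#!/usr/bin/env bash
# Added example: flag broad grants in sudoers-style text (simplified parser).

# Constructed sample modelled on the excerpt above; "deploy" and "backup"
# are made-up accounts, and the %users line is uncommented for illustration.
sample_sudoers() {
    cat <<'EOF'
root    ALL=(ALL)       ALL
gbl     ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
deploy  ALL=(ALL)       NOPASSWD: ALL
backup  ALL=(root)      NOPASSWD: /usr/bin/rsync
EOF
}

# audit_sudoers [FILE]: reads FILE (or stdin) and prints one finding per
# line as "<severity> <user-or-%group> <reason>".
audit_sudoers() {
    awk '
        # Skip blanks, comments, Defaults, alias definitions and includes.
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ || $1 ~ /^@include/ { next }
        $1 == "root" { next }          # root is expected to be unrestricted
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)      # keep text after "host ="
            nopass = (spec ~ /NOPASSWD:/)
            sub(/^\([^)]*\)[ \t]*/, "", spec)   # drop the "(runas)" list
            gsub(/[A-Z]+:[ \t]*/, "", spec)     # drop tags such as NOPASSWD:
            all_cmds = (spec ~ /^ALL[ \t]*$/)
            if (all_cmds && nopass)
                print "HIGH", who, "all commands without a password"
            else if (all_cmds)
                print "MEDIUM", who, "all commands (password required)"
            else if (nopass)
                print "LOW", who, "NOPASSWD on: " spec
        }
    ' "${1:--}"
}

sample_sudoers | audit_sudoers
```

To check a real system, run `audit_sudoers /etc/sudoers` as root; syntax validation is a separate step done with `visudo -c`.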

 

 

Reference:

https://www.redhat.com/sysadmin/difference-between-sudo-su

 
