Why does "su - X" require password, but "sudo -u X bash" doesn't?

Question

I know "why" questions are dangerous :) I have sudo access on RHEL, and noticed this:

su - fred
Password:

(I don't know fred's password).

sudo -u fred bash
[fred] $

Is there a way to not need fred's password to do the su? Is there a reason to want that?

Which pair of commands are you asking about? The ones in the question body? Or the ones in the question title? — JdeBP, Jan 25 '12 at 08:15
The ones in the question body. You don't seem to be able to change titles. — Steve Bennett, Jan 30 '12 at 05:20

score 4 · Accepted Answer · answered Jan 25 '12 at 03:33

The difference is that sudo uses privileges attached to the account you're running as, while su is more similar to logging in at a normal prompt as the user you're changing to.

Try su root as a regular user that doesn't have permissions in the sudoers file - you can use the root credentials to change to that user, regardless of your current user's rights.

Conversely, sudo and the permissions assigned in your /etc/sudoers file allow your current user to work as root without needing to know any password but your own. For instance, add sudo to the front of your su -u fred command - fred's password is no longer needed, since the su is then running with root privleges.

score 1 · Answer 2 · answered Jan 25 '12 at 03:20

1

sudo temporarily caches your passwords ... is this the case here?

answered Jan 25 '12 at 03:20

Jamie

1,284
7
22
40

That's true, but not quite relevant - I know *my* password, I don't know *fred's* password. (Entering my password in the first example didn't work) – Steve Bennett Jan 25 '12 at 03:35

Why does "su - X" require password, but "sudo -u X bash" doesn't?

2 Answers2