System administrators, and in some cases users, need to perform certain tasks with administrative access. Accessing the system as the root user is potentially dangerous and can lead to widespread damage to the system and data.
ACCESS USING THE SU UTILITY
When a user executes the su command, they are prompted for the root password and, after authentication, are given a root shell prompt. Once logged in using the su command, the user is the root user and has absolute administrative access to the system. Note that this access is still subject to the restrictions imposed by SELinux if it is enabled. In addition, once a user has become root, it is possible for them to use the su command to change to any other user on the system without being prompted for a password. for more information regarding su command use man su in the Linux terminal
One of the simplest ways to do this is to add users to the special administrative group called a wheel. To do this, type the following command as root:
In above, replace username with the user name you want to add to the wheel group
After adding the desired users to the wheel group, you can permit only these specific users to use the su command. Edit the Pluggable Authentication Module (PAM) configuration file for su, i.e. /etc/pam.d/su. Open this file in a text editor and uncomment the following line by removing the #:
Only members of the group wheel can switch to another user using the su command.
ADMINISTRATIVE ACCESS USING THE SUDO UTILITY
In the Linux sudo command gives another approach to giving users administrative access. only trusted users precede an administrative command with sudo, user prompted for their own password. Only when they authenticated and assuming that the command is permitted, the administrative command is executed as executed by the root user. sudo means superuser can do.
The basic format of the sudo command
In the above example, sudo command would be replaced by a command normally reserved for the root user, like useradd. Only users listed in the /etc/sudoers configuration file are allowed to use the sudo command and the command is executed in its own shell, not a root shell.
Another benefit of the sudo command is that an administrator can allow different users access to specific commands only based on their requirements.
Type visudo and add a line similar to the following in the user privilege specification section:
the user, user1, can use sudo from any host and execute any command.
Also, we can configure sudo users who do not need to provide any password by using the NOPASSWD option in the sudoers file path of sudoers file is /etc/sudoers: