What are the benefits of sudo over su?
So in what case can root cause damage whereas sudo can't?
Since you must usually invoke sudo each time you want to do something that requires privileges, the reasoning is that you will "think before you leap", i.e. not just stick sudo in front of something without thinking for a second what the command you're running is going to do.
With su on the other hand, once you're in, you're in. You have carte blanche (an open license) to do anything and everything, and the reasoning is you might forget for a moment that you have those privileges and if you're unlucky, execute something that will seriously affect/damage your system -- if you did not have su privileges, the command wouldn't have done anything serious.
IMO the major advantages of sudo over su are that sudo has superior logging of what commands were run and sudo gives finer control over what users can do.
su is all or none, but sudo can be configured to allow access to some, but not all commands.
See https://help.ubuntu.com/community/RootSudo for a more complete discussion, including advantages and disadvantages.
su -
When logged in as root, any task you start, action you trigger, or random event caused by visiting a certain website, etc. will run as super-user.
sudo
When you invoke sudo, as you run a command, only that command will run as super-user.
You will be asked for your password, before the command is executed. So user-interaction by you is also required.
Attempts to invoke sudo can also be logged.
It is about user/password management for sysadmins.
If you have multiple users, they should all have separate accounts and should be able to be tracked using those accounts. This means that people can't hide their identity. Also, if you need to revoke a specific user's permissions you don't also have to reset the root password. To give every person in an environment with more than 2 admins the root password makes for a nightmare when one person quits. You must not only change it, but communicate it, etc. All this stuff also has to happen when one of them has a laptop stolen or stuff like that. One account with one password per person makes administration simpler. It is similar to the philosophy behind why each service should have its own account. If one account is compromised, you don't have to reconfigure another dozen services (such as backup tasks) to use a different account.
I also find it personally convenient not to have yet another password to keep track of, lose and have compromised. On RHEL I specifically disable the root account after configuring sudo so I don't have to track it. Once in a while a user b0rks the sudo file, but that's fixable in single-user mode. (Naturally, it is usually a production machine.)
NOTE: 'sudo bash' will allow you to skip typing sudo for each command...
I think first, we need to look into what su and sudo actually are
su - stands for Substitute User. You use this to switch to a shell as another user using that user's password. Commonly used with root. Does not require a password when executed as root.
sudo - allows a permitted user to execute a specified command as another user. Also commonly used with root. However, this allows you to specifically manage what commands may be executed as another user. (For instance, you could give a user the ability to run an init.d script but nothing else.)
Note, you can always run sudo su or sudo -i and that will give you a root shell. However, no root password means no logging in directly as root... which means no one can break into that user.
EDIT: so maybe the answer you're looking for is: not having a root password forces you to use sudo, which in turn naturally aligns you with the sudo philosophy which suggests you enforce greater control over the actions run as root.
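The per-command restriction and logging that the answers above describe, as an added sudoers example that is not part of the original posts. The user names alice and bob, the nginx init script and the log file path are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/webops  (hypothetical drop-in file)
# Syntax-check before relying on it:  visudo -cf /etc/sudoers.d/webops

# Broad grant, shown commented out for comparison. It is effectively the
# same as handing out root: bob (assumed user) could run "sudo bash",
# "sudo su" or "sudo -i", and by default only the start of that shell is
# logged, not the commands typed inside it.
# bob    ALL=(ALL:ALL) ALL

# Restricted grant: alice (assumed user) may run one init script as root,
# with these exact arguments and nothing else. Listing the arguments
# prevents the rule from matching any other invocation of the script.
Cmnd_Alias NGINX_CTL = /etc/init.d/nginx start, \
                       /etc/init.d/nginx stop, \
                       /etc/init.d/nginx restart, \
                       /etc/init.d/nginx status
alice   ALL=(root) NGINX_CTL

# Write every sudo invocation (allowed or denied) to a dedicated file
# in addition to syslog. The path is an assumption.
Defaults    logfile="/var/log/sudo.log"

# Run commands in a pseudo-terminal and record their output, so a session
# can be reviewed later even when a rule does permit a shell.
Defaults    use_pty
Defaults    log_output
```

As root, `sudo -l -U alice` lists the commands the policy actually grants to alice, which is a quick check that the rule is as narrow as intended.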