Alternative for sudo
'sudo' allows you to launch any program as any user. It is 'setuid root', as the program itself requires root permissions to do this. The power of sudo is that you can easily configure who can do what. You can allow a user to execute nmap (and only nmap) using sudo.
'su' allows you to launch a shell as any user. When you launch a shell, you can obviously launch any other program. It is therefore more dangerous; on well-administered systems, su
access is generally disabled, but sudo
might be available for distinct programs.
The reason why the two programs above are used is accountability. Sudo logs all requests that are made. Therefore, it is very easy for an administrator to track what a user has done using root privileges. If you grant access to a shell, a user can do whatever he/she likes (it is a 'black hole'). (Of course, advanced logging on kernel-level thwarts this).
Of course, these programs can also be marked setuid
. This changes the permissions to the owner of the binary when executing it. If you manage to activate the setuid
bit on e.g. /bin/bash
and set the owner of /bin/bash
to root
, you will be root everytime you execute /bin/bash
.
Lastly, physical access to the machine will allow you to do whatever you like. You can boot from a flash drive and access the local filesystem. You could even configure your bootloader to use a different init
process which immediately launches a shell in single-user mode (without asking for a password).
It seems that no one has answered the question of whether or not there exist alternatives to sudo besides su, so you might be interested to know that the sudo website actually maintains a list of sudo alternatives:
http://www.sudo.ws/other.html
The list includes both open-source and commercial software. Here are the open-source sudo alternatives listed at the moment:
doas
vsys
GNU userv
-
sus
- Now defunct? Reference: SUS: An Object Reference Model for Distributing Unix Super User Privileges
super
Priv: Secure and Flexible Privileged Access Dissemination
Calife - a lightweight alternative to sudo
SSU: Extending SSH for Secure Root Administration
su1
op: controlled privilege escalation (a flexible alternative to sudo)
That said I've never used any of these alternatives, nor have I ever seen or heard of them in any other context. It also seems like at least some of these are experimental, defunct or otherwise unsupported. The impression I get is that sudo
and su
are the only real game in town.
Log in as root (if allowed on your tty) or reboot the computer and log in with init=/bin/bash on the command line to restore the required functionality.
I point out that only root can remove sudo.
sudo and su serve similar but different purposes. "sudo" allows you to do something with someone elses permissions while "su" allows you to "become" that user and lets you behave like them.