> I don’t know if Debian does, but the difference between su and sudo seems > quite like to the difference between ssh logins with password and with keys. > Both have advantages and disadvantages.
By far: No. su only invokes or acts like login, pam included. sudo may represent a complex role management. It's like su calls: Let me log in as TARGET_USER, I have the password. Done. Using sudo, you call for for a specific privilege. Which may be a command or a login shell, when using 'sudo -i TARGET_USER'. sudo then decides, based on your current UID and GID, with wwhich UID and/or GID you want to claim what privilege, if this will be granted. And then you may, which is the default, type in YOUR user password to authenticate your self. Martin
