Logo

sudo vs. su: Differences Between sudo and su Commands

Try this guide with our instant dedicated server for as low as 40 Euros

differences between sudo vs su commands

User privileges and access control are two critical aspects of Linux security. What users can do (and cannot do) defines the principle of user isolation and privileges. 

You will find that all Linux distributions have a special category of users called superusers. These users have very elevated privileges and access to all hardware and software components of the system. 

When working with Linux systems, you may often encounter sudo as the starting point of many commands. Similarly, you may find su as a reliable way to switch user accounts as the need arises. 

On the surface, the sudo and su appear to have similar syntax and functionalities. As a result, many newcomers are confused about which one to use in a specific scenario.

This tutorial teaches how to make the most of the differences between sudo and su.

Table Of Contents

  1. An Overview of the sudo vs su Debate
  2. Using the su Command
    1. How Do You Use the su Command?
  3. Using the sudo Command
    1. Add a User to the Sudoers Group
  4. How Different Linux Distributions Use su and sudo
  5. Extra Features of the sudo Command
  6. Conclusion
  7. FAQs

An Overview of the sudo v/s su Debate

Before we begin, you should understand that the current user’s privileges are elevated by both su and sudo.

The main difference between the two is that although su requires the target account’s password, sudo requires the current user’s password. As such, sudo is far safer since it doesn’t require sending sensitive data.

When executing commands that call for root access privileges, it’s best to use sudo. In this process, the current user is given privileges for the specified command. Once the command has finished processing, the system downgrades the privileges. 

In contrast, su switches to the root user and changes the current working directory. The downside of this operation is that you are opening the system to unintentional modifications.

Using the su Command

The su command (which stands for switch user or substitute user) is commonly used for regular user swapping. During the process, the command starts a login shell in the current directory and environment.

The primary syntax is as follows:

# su [user_name]

Or 

# su - [user_name]

If you omit the username, the command assumes the superuser (root) account as the argument. 

su command

How Do You Use the su Command?

In the working directory or user environment, use the su command (no hyphen) to launch the shell of a different user.

For example, use the following command to switch to the user redswitches:

# su redswitches

Next, enter the redswitches account password and press Enter.

You should see the shell change indicating you can now run commands and access directories and hardware resources as per the defined user privileges. The user environment is still the same, though, as seen in the following image:

su redswitches

Using the sudo Command

In most cases, you can use sudo for commands that require root level access and privileges. For this, you should prefix the commands with sudo. In contrast to su, the Linux sudo command needs the user’s password to execute it.

We recommend opting for the sudo command for all administrative and executable tasks that require the highest authorization level (owned by root). 

The primary syntax of this command is as follows:

# sudo [command]

The system requests the current user’s password before the account is switched. Note that only users of the sudoers group can use the sudo option.

Add a User to the Sudoers Group

If a command requires the sudo prefix, a user cannot run it unless they are a member of the sudoers group.

Use the following command (either as root or an account that already has sudo rights) to add a user to the sudoers group:

# usermod -aG sudo [user_name]

For example, you should run the following command to add the account redswitches to the group:

# sudo usermod -aG sudo redswitches

You can view the list of accounts in the sudoers group with this command:

# sudo getent group sudo

sudo getent group sudo

As you can see in the above screenshot, the user redswitches is shown as a member of the group.

For more details on the topic, we recommend our detailed tutorial on adding users to the sudoers group.

How Different Linux Distributions Use su and sudo

Note that different Linux distributions may have different implementations of the su and sudo commands.

You may see your favorite Linux distribution recommending sudo instead of su because of these differences in implementation. For instance, in Ubuntu and Ubuntu-based distros, the root account is not active by default. Instead, users are awarded sudo-only access.

This is done with security in mind. The root access is all powerful and can cause irreversible damage to the system operations. In contrast, sudo provides a safer alternative because of the single-use functionality that prevents the execution of successive malicious commands. 

This difference extends to how a user is created and added to the sudoer group. A user is automatically created during the Ubuntu OS installation and granted the sudoers membership. Interestingly, the installation process does not create a root account. Instead, you must manually activate the root user if you need to activate it.

However, certain Linux distributions, like Fedora, create a root user account and a root directory upon installation.

Activating the Root Account

When you attempt to switch to the root user while running an Ubuntu-based distribution, the output notifies you that there has been an Authentication failure.

A simple fix of this issue is to use the passwd command to enable the root user:

# sudo passwd root

The process then asks for the new root user password. After entering a strong password twice, pressing Enter between each attempt. The system will then notify that the password update has been completed successfully.

sudo passwd root

To confirm that the root user is logged in, use su – to switch to its login shell.

switch login shell su

Extra Features of the sudo Command

Although mostly used to running commands with root access, sudo can also modify the role of the root user. For instance, you can run the following command to switch to the root user and initiate the relevant environment:

# sudo -i

Enter the password for the user who is logged in right now. Once validated, you can see the changes in the prompt that indicate that you are now logged in as the root user. 

sudo -i

Similarly, su can likewise act as sudo and execute one command as root:

# su -c [command]

Conclusion

Understanding the difference between sudo and su is essential for efficient system management and security on Unix-like operating systems. With sudo, a user with permission can run a command as the superuser or as another user. It also logs all commands for auditing purposes and gives temporary administrative capabilities. 

For certain tasks, this is perfect because it doesn’t reveal the root account. On the other hand, su requires the target user’s password and gives full access to their environment while changing the user context to that of another user, usually the root. Due to its control and auditing features, sudo is generally preferable for tasks, although su is helpful for ongoing administrative access.

FAQs

Q: What is the primary function of sudo?

According to the security policy, sudo enables a permitted user to run a command as the superuser or as another user. To facilitate auditing, it logs every command and bestows temporary administrative rights.

Q: How does su differ from sudo?

su switches the user context to another user, typically the root user, requiring the target user’s password. It provides a way to open a session as another user, giving full access to their environment and privileges.

Q: Which command should I use for specific administrative tasks?

For specific administrative tasks, sudo is preferred due to its granular control and auditing capabilities.

Q: When is it appropriate to use su?

su is appropriate for scenarios requiring a full root environment or persistent administrative access.

Q: Does sudo require the root password?

No, sudo requires the user’s password to run the command, not the root password.

Q: Can sudo be configured for different users?

According to the instructions in the /etc/sudoers file, sudo can be set up to allow specific users to execute particular commands as the superuser or another normal user.

Q: Is it safe to use su for routine administrative tasks?

Using su for routine administrative tasks is less secure because it provides full root Privileges without logging individual commands, unlike sudo, which logs each action for auditing.

Q: How do I add a normal user to the sudoers file?

You can securely alter the sudoers file and add a user with the necessary permissions by using the visudo command.

Q: Can sudo execute commands as users other than root?

Yes, sudo can execute commands as any specified regular user by using the -u option followed by the username.

Q: What happens if I run sudo su?

Running sudo su combines the two commands, allowing you to switch to the root user without needing the root password, using your sudo privileges instead.

Try this guide with our instant dedicated server for as low as 40 Euros