sudo and su are commonly used to run command with root permissions. Root privileges are required to perform certain tasks such as installing software, adding users and changing ownerships, etc. When a normal user requires administrative changes, you can use sudo or su command in Linux.
In this tutorial, we learn about the differences between Sudo and Su and how to use these commands.
Sudo vs Su
The main difference between sudo and su is that su switches to root and requires root password whereas sudo runs the command with root privilege with user personal password.
Sudo configuration file allows users to run specific programs with root privileges. For the sudo command to work, the current user must be in the sudoers list or sudo group.
Why Prefer to Use Sudo
Both sudo and su commands provide root user access, but it is a good practice to use sudo, instead of the su command because sudo does not open the entire system to security threats. Sudo helps keep your system secure by enforcing the best practices and limited access. The system administrator does not need to share root password with any other user.
Sudo provides complete logging of the tasks performed by the user. It protects your system from intentional or accidental damages. By default, this command asks for the current user account’s password for the first time and then remembers the password for a specified amount of time. For example, on an Ubuntu Linux distribution, sudo does not ask for a password for 15 minutes.
In Linux system, it's not recommended to run commands as root user as it may invite accidental changes to the system. For this reason, in some Linux distributions such as Ubuntu the root user is disabled by default. During Ubuntu installation, a user account is created and added into the sudo group, instead of root account.
How to use Su Command
The su (substitute user) command lets you switch to a particular user in the shell without logging out from our current session. Commonly used to switch to an administrative account. Basically, it allows you to run commands with another target user and it asks for the password for that user.
If you invoke su command without an option it prompts you to enter a password. On successfully entering the root password, you get a shell to execute commands with root access.
Remember the root session keeps active until you exit from the shell. The su switch the user and get environment variables the same as the original user:
However, if you do not want to preserve the environment variables and switch to the root user account, type su command with - (hyphen):
$ su -
In Ubuntu-based distributions by default, you won't be able to switch to root by using su. This is because the root user account is disabled.
You may get the error "su: Authentication failure". To activate the root account set a password for root:
$ sudo passwd root
The su command can also be used to switch to a different user account, which is not the root user. For example, to switch to the demo user, type:
$ su demo
Use the following command to not preserve the environment settings:
$ su - demo
The su also allows to run a single command as root, type:
su -c <command>
How to Use Sudo Command
sudo as a prefix to other Linux commands, which lets the current user execute commands with root privilege. The system administrator must enable access for a user to be able to run commands as
sudo. This is done by adding user accounts to sudoers file or sudo group.
The basic syntax of the sudo command is:
$ sudo [command]
For example, the groupadd command requires root privileges. If you run this command as a normal user, then you get a permission denied error:
$ groupadd sample
The same command if a sudo privileged user run then it will work:
$ sudo groupadd sample
sudo -i and
sudo su - is same as
su - which allows you to gain root shell and run command in root user environment.
In this tutorial, we learned the difference between su and sudo and learned how to use it to execute commands that require root privileges. Our recommendation is to use the sudo command and never share your root password to keep your system safe from unauthorized access.