Introduction
The sudo
and su
commands belong to the group of commands every Linux user comes across. Because they are similar in syntax and have overlapping functions, many new users are unsure when to use one over the other.
In this tutorial, learn all about the difference between su
and sudo
.
sudo vs su
Both su
and sudo
elevate privileges assigned to the current user.
The main difference between the two is that su
requires the password of the target account, while sudo
requires the password of the current user. Therefore, it is much safer to use sudo
since it doesn’t include exchanging sensitive information.
Additionally, it is advisable to stick to sudo
when performing tasks that require root privileges. By doing so, the current user is only granted privileged for the specified command. On the other hand, su
switches to the root user completely, exposing the entire system to potential accidental modification.
How to Use the su Command
The su
command stands for substitute user, and it is mostly used for switching from one user to another. It does this by starting a login shell in the current directory and environment (su
) or by completely changing to the setting of the target user (su -
) .
The main syntax is:
su [user_name]
or
su - [user_name]
If the command is used without the argument, it switches to the superuser (root) account.
How Does the su Command Work?
To invoke another user’s shell within the working directory/user environment, use the su
command (without the hyphen).
For instance, to operate as a user named neveropen, run:
su neveropen
Then, provide the password for the neveropen account and hit Enter.
The shell should change, displaying you now have operator access to the specified account. However, the user environment remains the same, as in the image below:
How Does the su – [hyphen] Command Work?
To move to another user and switch to that target user environment, use the su -
command.
Therefore, to switch to the neveropen user and move to its login shell, type the command:
su - neveropen
Type in the password for the neveropen account and hit Enter to confirm. The output should appear similar as in the following image:
Note: Additional attributes that allow moving to another user and its login interface include: su - l
(or --login
) [username]
.
For more details about the su
command, see our article on How to Use the su
Command With Examples.
How to Use the sudo Command
sudo
is used as a prefix to Linux commands, which allows the logged in user to execute commands that require root privileges. Unlike su
, the sudo
command in Linux requires providing the password for the user running the command.
All administrative and executable tasks require maximum permission (held by root). In such cases, it is recommended to use sudo
.
The main syntax is:
sudo [command]
Before the system executes the command, it asks for the password of the current user.
Bear in mind that the sudo
option can only be used by users who belong to the sudoers group.
Adding a User to the Sudoers Group
For a user to execute a command that requires the sudo
prefix, it has to be part of the sudoers group.
To add a user to the sudoers group, run the following command (as root or an account that already has sudo privileges):
usermod -aG sudo [user_name]
For instance, to add the account neveropen, you would type:
sudo usermod -aG sudo neveropen
To see a list of accounts that belong to the sudoers group run:
sudo getent group sudo
The output should display the account added in the previous step:
Note: For an in-depth guide, refer to How to Add User to Sudoers Group on Ubuntu or How to Add User to Sudoers Group on CentOS.
How sudo and su Work on Different Linux Distributions
su
is an older but more fully-featured command included in all Linux distributions. It is the traditional way to switch to the root account.
Linux discourages working as root as it may cause unwanted system-wide changes and suggests using sudo
instead. For this reason, all Ubuntu-based releases are sudo-only, meaning the root account is not active by default.
While installing an Ubuntu OS, you create a user automatically labeled as part of the sudoers group. However, there is no root account setup. To enable the root user, you need to activate it manually.
On the other hand, other Linux distributions, such as Fedora, create a root and user account upon installation.
Enabling the Root Account
If you are using an Ubuntu-based distribution and try to switch to the root user, the output informs you there is an Authentication failure.
To activate the root user, run the passwd command:
sudo passwd root
Next, the output asks to set the password for the root user. Type and retype a secure password, then hit Enter. The system should notify you the password has been updated successfully.
Verify the root user is active by switching to it its login shell with su -
.
Note: It’s recommended to change passwords regularly. This guide can help you change or reset your Linux root password in Ubuntu or CentOS.
Additional Features
Although sudo
is mainly linked to executing commands with root privileges, it can also be used to change the root user. Switch to the root user and acquire the root environment with:
sudo -i
Type in the password for the user currently in use. You should now be in the root shell.
Likewise, su
can also function as sudo
and run a single command as the root:
su -c [command]
Conclusion
After reading this article, you should understand the difference between the sudo
and su
command. Remember to use sudo
whenever you can to prevent potential security and system-wide issues.