Introduction

The sudo and su commands belong to the group of commands every Linux user comes across. Because they are similar in syntax and have overlapping functions, many new users are unsure when to use one over the other.

In this tutorial, learn all about the difference between su and sudo

The difference between sudo and su explained.

sudo vs su

Both su and sudo elevate privileges assigned to the current user.

The main difference between the two is that su requires the password of the target account, while sudo requires the password of the current user. Therefore, it is much safer to use sudo since it doesn’t include exchanging sensitive information.

Additionally, it is advisable to stick to sudo when performing tasks that require root privileges. By doing so, the current user is only granted privileged for the specified command. On the other hand, su switches to the root user completely, exposing the entire system to potential accidental modification.

How to Use the su Command

The su command stands for substitute user, and it is mostly used for switching from one user to another. It does this by starting a login shell in the current directory and environment (su) or by completely changing to the setting of the target user (su -) .

The main syntax is:

su [user_name]

or

su - [user_name]

If the command is used without the argument, it switches to the superuser (root) account.

Switch to root user using the su command.

How Does the su Command Work?

To invoke another user’s shell within the working directory/user environment, use the su command (without the hyphen).

For instance, to operate as a user named phoenixnap, run:

su phoenixnap

Then, provide the password for the phoenixnap account and hit Enter.

The shell should change, displaying you now have operator access to the specified account. However, the user environment remains the same, as in the image below:

How to use the su command.

How Does the su - [hyphen] Command Work?

To move to another user and switch to that target user environment, use the su - command.

Therefore, to switch to the phoenixnap user and move to its login shell, type the command:

su - phoenixnap

Type in the password for the phoenixnap account and hit Enter to confirm. The output should appear similar as in the following image:

Switch to another Linux account and its environment.


Note: Additional attributes that allow moving to another user and its login interface include: su - l (or --login) [username].

For more details about the su command, see our article on How to Use the su Command With Examples.


How to Use the sudo Command

sudo is used as a prefix to Linux commands, which allows the logged in user to execute commands that require root privileges. Unlike su, the sudo command in Linux requires providing the password for the user running the command.

All administrative and executable tasks require maximum permission (held by root). In such cases, it is recommended to use sudo.

The main syntax is:

sudo [command]

Before the system executes the command, it asks for the password of the current user.

Bear in mind that the sudo option can only be used by users who belong to the sudoers group.

Adding a User to the Sudoers Group

For a user to execute a command that requires the sudo prefix, it has to be part of the sudoers group.

To add a user to the sudoers group, run the following command (as root or an account that already has sudo privileges):

usermod -aG sudo [user_name]

For instance, to add the account phoenixnap, you would type:

sudo usermod -aG sudo phoenixnap

To see a list of accounts that belong to the sudoers group run:

sudo getent group sudo

The output should display the account added in the previous step:

List users in the sudoers group.



How sudo and su Work on Different Linux Distributions

su is an older but more fully-featured command included in all Linux distributions. It is the traditional way to switch to the root account.

Linux discourages working as root as it may cause unwanted system-wide changes and suggests using sudo instead. For this reason, all Ubuntu-based releases are sudo-only, meaning the root account is not active by default.

While installing an Ubuntu OS, you create a user automatically labeled as part of the sudoers group. However, there is no root account setup. To enable the root user, you need to activate it manually.

On the other hand, other Linux distributions, such as Fedora, create a root and user account upon installation.

Enabling the Root Account

If you are using an Ubuntu-based distribution and try to switch to the root user, the output informs you there is an Authentication failure.

Authentication failure when trying to move to root user in Ubuntu.
To activate the root user, run the command:

sudo passwd root

Next, the output asks to set the password for the root user. Type and retype a secure password, then hit Enter. The system should notify you the password has been updated successfully.

How to enable the root user on Ubuntu.

Verify the root user is active by switching to it its login shell with su -.

Switch to the root user on Ubuntu.


Note: It’s recommended to change passwords regularly. This guide can help you change or reset your Linux root password in Ubuntu or CentOS.


Additional Features

Although sudo is mainly linked to executing commands with root privileges, it can also be used to change the root user. Switch to the root user and acquire the root environment with:

sudo -i

Type in the password for the user currently in use. You should now be in the root shell.

Move to root shell using the sudo command.

Likewise, su can also function as sudo and run a single command as the root:

su -c [command]

Conclusion

After reading this article, you should understand the difference between the sudo and su command. Remember to use sudo whenever you can to prevent potential security and system-wide issues.


Next you should also read