The Differences between Su, Sudo Su, Sudo -s and Sudo -i

Mte Explains Sudo Featured

There are many different ways to get a root session in the Linux terminal. This can create some confusion, as most beginning users who are looking to gain root privileges might not be familiar with how each command can gain root access, how they are different and when these differences matter. Here we take apart each of the many different commands used to gain root access in a terminal, explain how they gain root, when to use them, and everything in between.

su

The su command substitutes the current user the system is using in the shell.

Linuxsudo Su

You can switch to any user by typing su and adding a username after it. This will tell the system to switch (and essentially log out of) the current user to the one specified. Alternatively, the su command can gain root access by entering su without specifying anything after the command.

“su” is best used when a user wants direct access to the root account on the system. It doesn’t go through sudo or anything like that. Instead, you’re asked to enter the root user’s password because you’re literally logging into it. Furthermore, other ways of gaining root access do not have the benefit of also getting access to the root home directory and root environment.

sudo su

This command asks for the current user’s password as opposed to root.

Linuxsudo Sudosu

It’s essentially the same as just running su in the shell, save for one crucial difference. Instead of telling the system to “switch users” directly, you’re telling it to run the “su” command as root. When sudo su is run, “.profile,” “.bashrc” and “/etc/profile” will be started, much like running su (or su root). If any command is run with sudo in front of it, it is given root privileges.

Though there isn’t a large divergence between “sudo su” and “su,” sudo su┬áis still a very useful command for one important reason: When a user is running “su” to gain root access on a system, they must know the root password. Root is given with sudo su by requesting the current user’s password. This makes it possible to gain root without the root password which increases security.

sudo -i

Using sudo -i is virtually the same as the sudo su command with one exception: it does not directly interacting with the root user.

Linuxsudo Sudoi

Much like sudo su, the -i flag allows a user to get a root environment without having to know the root account password. sudo -i is also very similar to using sudo su, as it’ll read all of the environmental files (.profile, etc.) and set the environment inside the shell.

Where it differs from “sudo su” is that sudo -i is a much cleaner way of gaining root and a root environment without directly interacting with the root user. To clarify: With sudo su you’re using more than one root setuid command in the background. This makes it much more challenging to figure out what environmental variables will be kept and which ones will be changed (when swapping to the root environment). This is not true with sudo -i. Because of this, most people view it as the preferred method to gain root without logging in directly.

sudo -s

This command summons a shell with your $SHELL variable.

Linuxsudo Sudos

The -s switch for the “sudo” command reads the $SHELL variable of the current user executing commands. This command works as if the user is running sudo /bin/bash. Sudo -s is a “non-login” style shell. Unlike a command like sudo -i or sudo su, the system will not read any environmental files. When a user tells the shell to run sudo -s, it gains root but will not change the user or the user environment. Your home will not be the root home, etc.

Linuxsudo Shellupdate

This command is best used when the user doesn’t want to switch over to root but wants an interactive shell with its $SHELL environment value. Other commands talked about above gain root access but touch root environmental files and allow users fuller access to root (which can be a security issue).

Frequently Asked Questions

1. Which command should I use?

Each command has its use-case. The important thing here is to understand what each command does and when to use them. As it stands, sudo -i is the most practical, clean way to gain a root environment. On the other hand, those using sudo -s will find they can gain a root shell without the ability to touch the root environment, something that has added security benefits.

2. Can accessing root harm my system?

In some cases, yes. Unless you’re absolutely sure you need to access root for everything in a particular terminal session, it’s often better to just type sudo followed by a command if you want to access root for that particular command. For example, typing sudo apt install vlc in any Debian-based version of Linux would tell the operating system to access root just to run the APT package manager to install VLC.

One very important caveat to running sudo -i or any other variant we’ve discussed earlier as opposed to typing sudo before each command you want to run as root is that the former does not log your command history into /var/log/auth.log. If you mess up, you can’t go back and check on what you did so you can correct it. You’ll have to operate out of memory, as root sessions are not recorded.

3. When I type “sudo” before a command, which variant of “sudo su” am I running?

By typing sudo to execute a command (i.e., you’re typing it in the same line as the command you want to run), you’re essentially running it under an interactive root shell. This would be what the sudo -s standalone command does.

Wrapping Up

There really isn’t one command on this list that is 100% the best. As users get more comfortable with the command line, they’ll need to take each way of gaining root (and there are many) into account and weigh the pros and cons and act accordingly. I hope that with the help of this article these decisions will be easier to make. If you want to learn more about commands, read this article on useful Linux commands to list the contents of a directory.

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.

One comment

  1. Aren’t the differences between the various commands esoteric for all but regular CLI users? Do the proverbial “regular” users really have to concern themselves with these subtle differences?

    I use “sudo command” occasionally for single commands. When I need longer root access, I log in as root. Yes, I do realize the pitfalls.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.