The Differences between Sudo and Su in Linux: A Beginner’s Guide.

In Linux, managing user privileges is essential for system security. Two of the most commonly used commands for gaining elevated privileges are sudo and su. While both serve to execute commands with higher privileges, they work in fundamentally different ways. This tutorial will walk you through the key differences between sudo and su, helping you understand when and how to use them effectively.

What Is Root?

In Linux, root is the superuser account, also known as the administrator. The root user has unrestricted access to all files and system settings, allowing them to perform any action on the system. From installing software to modifying system configurations, the root account can do it all. However, because the root account has such powerful access, it is important to use it carefully. Mistakes made as the root user can lead to catastrophic results, such as deleting important files or misconfiguring the system.
When you operate as root, you hold the power to:

• Delete any or all files
• Modify permissions for any files
• Change the system's runlevel
• Manage user accounts
• Mount or unmount filesystems
• Install or remove software
• Create, delete, and modify filesystems

This level of control allows for complete system management, but it also comes with significant risk if used carelessly. As the root user, you have absolute control over the system. This is the administrator account with unrestricted privileges, meaning the system won't ask, "Are you sure?" when you run critical commands.
For example, if you accidentally execute rm -rf * in the root directory / instead of /var/tmp/cache, all files and directories will be recursively deleted without any warning prompt; making your system unusable! Mistakes made as the root user are often irreversible and can be catastrophic. In essence, root access grants you total authority over the system, making it extremely powerful but also highly risky.

What Is sudo?

sudo, which stands for "superuser do", allows a user to execute a single command with root (administrator) privileges, without actually logging in as the root user. It's typically used to perform administrative tasks such as installing software, editing system files, or modifying settings that require elevated access.

Example:

$ sudo apt update

In this example, sudo runs the apt update command as root, allowing you to update your system's package lists. The user will be prompted for their own password to confirm their identity, not the root password.

Key Points About sudo:

• Temporary Root Privileges: You are granted root privileges for a single command.
• Security: Only authorized users can run commands with sudo, and actions are logged.
• No Full Root Access: You don't switch to the root account, which minimizes the risk of accidental system damage.

What Is su?

su, which stands for "substitute user", allows you to switch to another user account, usually the root user. Once switched, you have the full privileges of the target user, and you can execute multiple commands as that user. Unlike sudo, which is used for individual commands, su effectively gives you a root shell session, unless a specific user is specified.

Examples:

$ su

This command switches to the root user, and you'll be prompted for the root password. Once entered, you will have full root privileges.

If you want to switch to a specific user, use the following command:

$ su - rover

This switches to the rover user account, and you'll need to enter rover's password (unless you're logged in as root).

Key Points About su:

• Full Root Access: When you use su, you essentially become the root user or the user specified.
• Longer Sessions: It keeps you logged in as the root user until you exit, which can lead to accidental mistakes.
• Requires Root Password: You must know the root password to use su (unless you're already logged in as root).

When to Use sudo vs su

Use sudo when:

• You need to run a single administrative command.
• You want to limit the duration of elevated privileges to just that command.
• You need better security and accountability (since sudo logs actions).
• You don’t want to switch to the root user completely.

Use su when:

• You need to run multiple commands as root.
• You want to work in a root session (although this comes with risks).
• You need to switch to a different user entirely.

Security Considerations

While both sudo and su grant administrative privileges, sudo is generally considered a more secure option.
This is because:

• It restricts access to root privileges based on user configurations in /etc/sudoers.
• It logs every command run with elevated privileges, which adds a layer of accountability.
• It minimizes the time spent with full root access, reducing the potential for accidental damage.

On the other hand, using su gives you full root access for the duration of the session, which can be risky, especially if you forget to exit the root shell or make a mistake during your session.

In Linux, both sudo and su allow you to perform tasks that require root privileges, but they differ in how they grant access and in the level of control they provide. sudo is ideal for executing single commands with elevated privileges, while su is better suited for switching to a full root session. For security and control, sudo is generally the recommended method for performing administrative tasks.

We hope this was helpful!