SEARCH

How-To Geek

HTG Explains: What’s the Difference Between Sudo & Su?

image

If you’re a Linux user, you’ve probably seen references to both sudo and su. Articles here on How-To Geek and elsewhere instruct Ubuntu users to use sudo and other Linux distributions’ users to use su, but what’s the difference?

Sudo and su are two different ways to gain root privileges. Each functions in a different way, and different Linux distributions use different configurations by default.

The Root User

Both su and sudo are used to run commands with root permissions. The root user is basically equivalent to the administrator user on Windows – the root user has maximum permissions and can do anything to the system. Normal users on Linux run with reduced permissions – for example, they can’t install software or write to system directories.

To do something that requires these permissions, you’ll have to acquire them with su or sudo.

Su vs. Sudo

The su command switches to the super user – or root user – when you execute it with no additional options. You’ll have to enter the root account’s password. This isn’t all the su command does, though – you can use it to switch to any user account. If you execute the su bob command, you’ll be prompted to enter Bob’s password and the shell will switch to Bob’s user account.

Once you’re done running commands in the root shell, you should type exit to leave the root shell and go back to limited-privileges mode.

Sudo runs a single command with root privileges. When you execute sudo command, the system prompts you for your current user account’s password before running command as the root user. By default, Ubuntu remembers the password for fifteen minutes and won’t ask for a password again until the fifteen minutes are up.

image

This is a key difference between su and sudo. Su switches you to the root user account and requires the root account’s password. Sudo runs a single command with root privileges – it doesn’t switch to the root user or require a separate root user password.

Ubuntu vs. Other Linux Distributions

The su command is the traditional way of acquiring root permissions on Linux. The sudo command has existed for a long time, but Ubuntu was the first popular Linux distribution to go sudo-only by default. When you install Ubuntu, the standard root account is created, but no password is assigned to it. You can’t log in as root until you assign a password to the root account.

image

There are several advantages to using sudo instead of su by default. Ubuntu users only have to provide and remember a single password, whereas Fedora and other distributions require you create separate root and user account passwords during installation.

Another advantage is that it discourages users from logging in as the root user – or using su to get a root shell – and keeping the root shell open to do their normal work. Running fewer commands as root increases security and prevents accidental system-wide changes.

Distributions based on Ubuntu, including Linux Mint, also use sudo instead of su by default.

A Few Tricks

Linux is flexible, so it doesn’t take much work to make su work similarly to sudo – or vice versa.

To run a single command as the root user with su, run the following command:

su -c ‘command’

This is similar to running a command with sudo, but you’ll need the root account’s password instead of your current user account’s password.

To get a full, interactive root shell with sudo, run sudo –i.

image

You’ll have to provide your current user account’s password instead of the root account’s password.

Enabling the Root User in Ubuntu

To enable the root user account on Ubuntu, use the following command to set a password for it. Bear in mind that Ubuntu recommends against this.

sudo passwd root

Sudo will prompt you for your current user account’s password before you can set a new password. Use your new password to log in as root from a terminal login prompt or with the su command. You should never run a full graphical environment as the root user – this is a very poor security practice, and many programs will refuse to work.

image

Adding Users to the Sudoers File

Only administrator-type accounts in Ubuntu can run commands with sudo. You can change a user account’s type from the User Accounts configuration window.

image

Ubuntu automatically designates the user account created during installation as an administrator account.

image

If you’re using another Linux distribution, you can grant a user permission to use sudo by running the visudo command with root privileges (so run su first or use su -c).

Add the following line to the file, replacing user with the name of the user account:

user    ALL=(ALL:ALL) ALL

Press Ctrl-X and then Y to save the file. You may also be able to add a user to a group specified in the file. Users in the groups specified in the file will automatically have sudo privileges.

image

Graphical Versions of Su

Linux also supports graphical versions of su, which ask for your password in a graphical environment. For example, you can run the following command to get a graphical password prompt and run the Nautilus file browser with root permissions. Press Alt-F2 to run the command from a graphical run dialog without launching a terminal.

gksu nautilus

image

The gksu command also has a few other tricks up its sleeve – it preserves your current desktop settings, so graphical programs won’t look out of place when you launch them as a different user. Programs such as gksu are the preferred way of launching graphical applications with root privileges.

Gksu uses either a su or sudo-based backend, depending on the Linux distribution you’re using.


You should now be prepared to encounter both su and sudo! You’ll encounter both if you use different Linux distributions.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 04/17/12

Comments (18)

  1. Gepeto

    And what about using “$ sudo su” or “$ sudo -s” to get root privileges access. I never had to enable the root user in Ubuntu but sometimes some commands failed with just the ‘sudo’ one but not with the ‘su’ one. When I need to switch to the Root User, i just do “$ sudo su”. Is there any difference with enabling the root user ?

  2. Wil

    Other important thing to know about Su and Sudo is I believe you need to use sudo to make someone get a sandwich.

    http://xkcd.com/149/

  3. Citrus Rain

    I’ve never seen (perhaps not noticed) ‘su’ before.

  4. cam2644

    Again some well laid out explanations of using Linux. Thanks

  5. Shashi Kumar Raja

    Nice explanation…I was asked this question in my semester exam.

  6. prince

    Good to know about the HTG Explains: What’s the Difference Between Sudo & Su?

  7. MJ

    Quite interesting, thank you very much for the information.

  8. ruben

    I always use “sudo bash” instead of “sudo -i”, but I assume that this is just personal taste

  9. Ed Vim

    Since most general tech articles always seem to infer that ‘su’ is short for superuser, just for trivia’s sake it’s important to note that there’s often debate about that. Older IT folk still think it’s ‘switch user’ since that’s just what the command is used for, to change user accounts. (And ‘sudo’ is for ‘switch user do’) One of the notable features of Unix was it’s robust capability to have multiple user accounts, and switching between accounts was not always just involving a general user account and the root account.

  10. djf

    Thanks.

    I knew most of this – but – I could have never explained it in such a straight forward way. So I very much enjoyed the read.

    And I also believe su=switch user …

  11. mgo

    I am so put off by Linux snobs who just refuse to explain things! It is almost like, “you are not worthy…so we will not tell you anything about Linux”. So…thanks for your clear explanation from a would-be Linux user.

  12. LEster

    su – ‘switch user’

  13. Shamus

    Some subtle differences:
    sudo bash: bad, sets id to root, but environment is still for your old self (HOME, etc)
    sudo -i: better, now root, but some environment variables still point to old self (MAIL).
    sudo su -: best, now root with no trace of former user.

  14. Pepper Networks

    Major thanks to the author, and to Shamus! The environment is not something I had really considered when using sudo. And the Ubuntu tidbit about sudo remembering the password for 15 minutes solves a mystery that had been in the back of my mind but was never worth the effort to Google, despite the fact that I sell computers with Ubuntu pre-installed. I don’t think there’s been any article by HtG that hasn’t taught me something.

  15. Simon Hiemstra

    The proper abbreviation:
    su = substitute user
    ‘do’ is added to make ‘su-do’, as in: su, do it.

    Not, ‘switch user’ or ‘super user’.

  16. Greg P

    One of the powers of the su command is that if you do know the root password, you can become any other user whether you know their password or not.
    First become root,
    then ‘su bob’ and you become bob without having to enter the password. It’s useful on an install to become postgres, for example. You don’t have to bother to set up a password for postgres.

  17. David

    I usually do ‘sudo bash’ when i need a root shell, didn’t know there was an option ‘-i’.

  18. Rick S

    Sorry to hear that mgo,
    I was introduced to Linux when I had brain damage and to get anything to stay in my head had to be driven in with a sledge hammer many times over and still does.

    Like anywhere else where you find people you find the odd a-hole but I haven’t run into any yet.
    Some of those people really know their stuff and just won’t bother answering a question that you can just Google.
    Tell them where you looked to get info and if you are looking in the wrong place somebody will tell you where or just answer your question. Also you can find lots of answers right here on HTG.

    I suggest trying Mageia, PCLinuxOS, Mint or Ubuntu. They just work without having to ask anybody anything.
    There are many more out there, Some just as good and others not. If you screw up it don’t cost anything to fix. They are fast, virus free, and free. Enjoy.

Enter Your Email Here to Get Access for Free:

Go check your email!