Sudo vs. su: Which Command Should You Use?

MakeUseOf

By David Delony

Published Aug 8, 2021

On Linux, there are two commands to get superuser access: su and sudo. Which one should you use depends on the task at hand.

Depending on your Linux setup, you may perform administrative tasks using either the su command or sudo. It's easy to confuse these two commands since both of them have similar functions.

So, which command should you use? Let's find out.

Su Gives You Full Root Access

The traditional way to access the root account to configure a Linux system, going back to the Unix days, is using the su command:

        su &ndash;

The "-" means that you'll have the same environment as you would if you logged in directly as root. The system will prompt you for your password. If you're successful, the prompt will change to a "#" character. You can then run any commands you need to as root.

Type logout or hit Ctrl + D to return to the standard user privilege when you're finished.

While su is useful, the main problem is that it's an all-or-nothing option. You have full root access or ordinary privileges. If you have multiple administrators on a server, you'll have to share the same root password.

Sudo Gives You More Control

More Linux distributions like Debian and Ubuntu are installing sudo by default because it's safer than using su. It's a mature tool that's been around since 1980.

Sure, you only have to remember one password, but sudo's full power comes with managing multiple admins on multiple machines. It's so useful that sudo has been immortalized in geek culture in a famous XKCD comic. You can even configure sudo to run without a password, but this is obviously not recommended for servers where security is paramount.

In addition to full root access as with su, you can specify which users can run which commands on which systems in the /etc/sudoers file. Because of the flexibility of sudo, the /etc/sudoers syntax is complex.

Use sudo When You Can

Because sudo is granular and more secure than su, more Linux distributions set it as the default superuser command. Usually, the first user is designated an "administrative" user and thus set up to use sudo.

If a system doesn't have sudo installed, it's easy to obtain from the package manager. After installation, for any other administrative users, it's just a matter of adding a user to the right group, typically "admin," "sudo," or "wheel." These user groups are also distro-specific.

Now You Can Securely Administer Your Linux System

With sudo, it's easy to administer your Linux system with just your user password. Users often overlook the flexibility of this tool. While Linux is a secure operating system, no operating system is perfect. There are still some security concerns in Linux that you should be aware of.