If you’re a Linux user, you’ve probably seen references to both sudo and su. These two commands are different ways of gaining root privileges. Each functions in a different way, and different Linux distributions use different configurations by default.
The Root User
Both su and sudo are used to run commands with root permissions. The root user is basically equivalent to the administrator user on Windows – the root user has maximum permissions and can do anything to the system. Normal users on Linux run with reduced permissions – for example, they can’t install software or write to system directories.
To do something that requires these permissions, especially operations that affect the system environment, you’ll have to acquire them with su or sudo.
Su vs. Sudo
The su command switches to the super user – or root user – when you execute it with no additional options. You’ll have to enter the root account’s password. This isn’t all the su command does, though – you can use it to switch to any user account. If you execute the su john command, you’ll be prompted to enter john’s password and the shell will switch to john’s user account.
Once you’re done running commands in the root shell, you should type exit to leave the root shell and go back to limited-privileges mode. Or logout by pushing
sudo runs a single command with root privileges. When you execute sudo command, the system prompts you for your current user account’s password before running command as the root user. By default, Ubuntu remembers the password for fifteen minutes and won’t ask for a password again until the fifteen minutes are up.
This is a key difference between su and sudo:
su switches you to the root user account and requires the root account’s password.
sudo runs a single command with root privileges – it doesn’t switch to the root user, nor does it require a separate root user password. The user’s password is enough, but only if said user is a member of a certain group (more on that later).
Ubuntu vs. Other Linux Distributions
The su command is the traditional way of acquiring root permissions on Linux. The sudo command has existed for a long time, but Ubuntu was the first popular Linux distribution to go sudo-only by default. When you install Ubuntu, the standard root account is created, but no password is assigned to it. You can’t log in as root until you assign a password to the root account.
There are several advantages to using sudo instead of su by default. Ubuntu users only have to provide and remember a single password, whereas Fedora and other distributions require you to create separate root and user account passwords during installation.
Another advantage is that it discourages users from logging in as the root user – or using su to get a root shell – and keeping the root shell open to do their normal work. Running fewer commands as root increases security and prevents accidental system-wide changes.
Distributions based on Ubuntu, including Linux Mint, also use sudo instead of su by default.
A Few Tricks
Linux is immensely flexible, so it doesn’t take much work to make su work similarly to sudo – or vice versa. To run a single command as the root user with su, run the following command:
su -c command
This is similar to running a command with sudo, but you’ll need the root account’s password instead of your current user account’s password.
To get a full, interactive root shell with sudo, run sudo -i. You’ll have to provide your current user account’s password instead of the root account’s password.
Adding Users to the Sudoers File
Only administrator-type accounts in Linux can run commands with sudo. You can grant a user permission to use sudo by running the visudo command with root privileges (so run su first or use su -c). On some distributions you can also edit the file directly:
Add the following line to the file, replacing ‘user’ with the name of the user account:
user ALL=(ALL:ALL) ALL
In Gentoo/Sabayon it’s a little different. Only users under the group “wheel” can become root. Edit /etc/group and add your user after wheel, then use
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
The % tells the system that the name after is a group.
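The user line and the %group line above decide who can become root, so it is worth checking which of them are actually active in a given file. The script below is an added example, not part of the original article; the function name list_full_sudo_grants, the sample file contents and its %sudo and backup entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's code. Handles the rule shape shown above:
#   WHO HOST=(RUNAS) [TAG:] COMMANDS

# list_full_sudo_grants FILE
# Prints "user:NAME" or "group:NAME" for each active rule granting ALL commands.
list_full_sudo_grants() {
    awk '
        /^[ \t]*#/ { next }    # comments, including a still-commented %wheel rule
        NF < 3     { next }    # blank or too short to be a grant
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and aliases
        {
            cmd = $NF                  # last field is the command list
            sub(/^[A-Z]+:/, "", cmd)   # drop a glued tag such as NOPASSWD:
            if (cmd != "ALL") next     # restricted rule, not full root
            if (substr($1, 1, 1) == "%")
                print "group:" substr($1, 2)   # % marks a group name
            else
                print "user:" $1
        }
    ' "$1"
}

# Constructed sample input; john and the wheel lines mirror the article.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
john ALL=(ALL:ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
backup ALL=(root) /usr/bin/rsync
EOF

list_full_sudo_grants "$sample"
```

The function only recognises the simple rule shape shown in this article; for a specific account on a live system, sudo -l -U user reports what sudo itself will allow.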
You should never run a full graphical environment as the root user – this is a very poor security practice, and many programs will even refuse to work. More importantly, most modern distributions will, by default, not allow root to log in to a graphical environment (or GUI). Even on Windows, using the Admin account by default is a relatively bad habit, security-wise.