Sudo & Su – What’s the difference between them?

If you’re a Linux user, you’ve probably seen references to both sudo and su. These two commands are different ways of gaining root privileges. Each functions in a different way, and different Linux distributions use different configurations by default.

The Root User

Both su and sudo are used to run commands with root permissions. The root user is basically equivalent to the administrator user on Windows – the root user has maximum permissions and can do anything to the system. Normal users on Linux run with reduced permissions – for example, they can’t install software or write to system directories.

To do something that requires these permissions, especially operations that affect the system environment, you’ll have to acquire them with su or sudo.

Su vs. Sudo

The su command switches to the super user – or root user – when you execute it with no additional options. You’ll have to enter the root account’s password. This isn’t all the su command does, though – you can use it to switch to any user account. If you execute the su john command, you’ll be prompted to enter john’s password and the shell will switch to john’s user account.

Once you’re done running commands in the root shell, you should type exit to leave the root shell and go back to limited-privileges mode. You can also log out by pressing Ctrl+D.

sudo runs a single command with root privileges. When you execute sudo command, the system prompts you for your current user account’s password before running command as the root user. By default, Ubuntu remembers the password for fifteen minutes and won’t ask for a password again until the fifteen minutes are up.

This is a key difference between su and sudo:
su switches you to the root user account and requires the root account’s password.
sudo runs a single command with root privileges – it doesn’t switch to the root user, nor does it require a separate root user password. The user’s own password is enough, but only if that user is a member of a certain group (more on that later).

Ubuntu vs. Other Linux Distributions

The su command is the traditional way of acquiring root permissions on Linux. The sudo command has existed for a long time, but Ubuntu was the first popular Linux distribution to go sudo-only by default. When you install Ubuntu, the standard root account is created, but no password is assigned to it. You can’t log in as root until you assign a password to the root account.

There are several advantages to using sudo instead of su by default. Ubuntu users only have to provide and remember a single password, whereas Fedora and other distributions require you to create separate root and user account passwords during installation.

Another advantage is that it discourages users from logging in as the root user – or using su to get a root shell – and keeping the root shell open to do their normal work. Running fewer commands as root increases security and prevents accidental system-wide changes.

Distributions based on Ubuntu, including Linux Mint, also use sudo instead of su by default.

A Few Tricks

Linux is immensely flexible, so it doesn’t take much work to make su work similarly to sudo – or vice versa. To run a single command as the root user with su, run the following command:

su -c command

This is similar to running a command with sudo, but you’ll need the root account’s password instead of your current user account’s password.

To get a full, interactive root shell with sudo, run sudo -i. You’ll have to provide your current user account’s password instead of the root account’s password.

Adding Users to the Sudoers File

Only administrator-type accounts in Linux can run commands with sudo. You can grant a user permission to use sudo by running the visudo command with root privileges (so run su first or use su -c). On some distributions you can also edit the file /etc/sudoers directly, but visudo is the safer choice because it checks the file’s syntax before saving.

Add the following line to the file, replacing ‘user’ with the name of the user account:

user ALL=(ALL:ALL) ALL

In Gentoo/Sabayon it’s a little different. Only users in the group “wheel” can become root. Edit /etc/group and add your user after wheel, then use visudo to uncomment the %wheel line:
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

The % tells the system that the name after is a group.
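
To check which accounts actually hold this kind of unrestricted grant, the following added example (not part of the original article) lists the active sudoers rules whose command list is ALL. The sample file is constructed; the names admin and backup and the rsync path are assumptions for illustration, and include directives are not followed.

```shell
#!/bin/sh
# Added example: report active sudoers rules that allow every command.
# full_grants FILE prints "user NAME" or "group NAME", one per line.
full_grants() {
    awk '
        /^[ \t]*$/ { next }                  # blank line
        /^[ \t]*#/ { next }                  # comment, so "# %wheel ..." is inactive
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and alias definitions
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)           # drop "who host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)        # drop run-as part such as (ALL:ALL)
            sub(/^([A-Z_]+:[ \t]*)+/, "", spec)      # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", spec)                 # drop trailing whitespace
            if (spec != "ALL") next                  # keep only unrestricted rules
            if (substr(who, 1, 1) == "%")            # % marks a group name
                print "group", substr(who, 2)
            else
                print "user", who
        }
    ' "$1"
}

# Constructed sample input, modelled on the lines shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
john ALL=(ALL:ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) /usr/bin/rsync
Defaults env_reset
EOF

full_grants "$sample"
```

The commented-out %wheel line is not reported, which matches its effect: members of wheel gain nothing until the line is uncommented.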

You should never run a full graphical environment as the root user – this is a very poor security practice, and many programs will even refuse to work. More importantly, most modern distributions will, by default, not allow root to log in to a graphical environment (or GUI). Even on Windows, using the Admin account by default is a relatively bad habit, security-wise.