IT-Connect » Courses - How-to » System administration » Linux » sudo, su, su – : What are these commands used for in Linux? What are the differences?

Linux - Understanding the differences between sudo and su
Linux

sudo, su, su – : What are these commands used for in Linux? What are the differences?

Florian Burnel 0 Comments

I. Introduction

Under Linux, executing a command with elevated privileges requires the use of the sudo command. However, it's not uncommon to use other commands, such as those mentioned in some of our tutorials: su and su -. What are these commands used for? What makes them different? That's what we're going to find out in this article.

sudosu, and su -: although these commands can all be used to execute tasks with administrative rights, they differ in their operation and use. How to order sudo is used to execute commands with the privileges of another user, usually the root. To use sudo, the user must be authorized by a rule defined in the /etc/sudoers configuration file.

II. Linux: the su command

A. Definition

The su command, whose name stands for Substitute User, switches to another user, by default root. Unlike sudo, the su command does not ask for the password of the current user, but that of the target user (i.e. the root user).

This is not the only difference between sudo and su ! In fact, when using the suyou switch to the root since you're changing user. Conversely, with the control sudo, this is a delegation of rights that must be authorized via the file /etc/sudoers, while su does not need this delegation. All you need to know is the user's password. root.

B. Example of use

To switch to the root user, the flo user currently logged in on the Linux machine can simply use this command:

su

He will then be prompted to enter the user's password root. If he doesn't know it, the request will be refused.

III. Linux: the su - command

A. Definition and use

The su - command, on the other hand, is a variant of su allowing you to switch to another user while loading their environment. This means that all the target user's environment variables and configurations will be applied. This sentence means that this is not the case when using su ? You've got it all figured out...

When using suyou switch to the rootbut without fully loading the environment. There are no environment variables, nor its profile. Whereas with su -You're in charge of the entire environment.

su -

You can also switch to a specific user's session, here it-connect :

su - it-connect

B. The difference between su and su - in practice

There's a very simple way of finding out: if you display the current directory, just after executing either of these two commands, you'll see that there's a difference.

To illustrate the difference between su and su - in another way, let's consider an example involving the use of a variable.

Suppose the user root has a custom environment variable defined in its .profile file. We could add this line to declare the variable VAR.

export VAR="Je suis root"

This variable is loaded only when root logs in with a full connection session (full environment). Now let's move on to the tests...

When user flo uses su to switch to root :

su

It becomes root but retains the flo environment. If flo tries to access the variable VAR: 

echo $VAR

The command won't return anything! This is normal since VAR is not defined in the flo environment... Now let's test the second method.

On the other hand, if the flo user uses the su - command to switch to root :

su -

It becomes root and loads the complete superuser environment. So now we can access the VAR variable: 

echo $VAR

The order will return :

Je suis root

This shows and proves that su - has loaded the complete environment of rootincluding the environment variables defined in its configuration files. You can see the difference in the image below:

In addition, it is interesting to note that when you use sudo -iyou switch to an Interactive Terminal as a rootand you have access to the complete environment. So, in our case, the variable $VAR is accesible.

Note: the main difference lies in authentication. The sudo -i command allows you to track and control root access via sudo policies, using the password of the account that initiated the command. For its part, su - is more direct, but requires knowledge of the target user's password.

IV. Do not use the sudo su command

In some documentation, you may have come across the command sudo su. However, this command is of no interest since the control sudo in itself already offers arguments for reproducing its behavior. The use of sudo su is common practice, but often inadvisable.

Let's start by analyzing the composition of the sudo sucommand, as it's a combination of two commands. sudo allows you to execute a command with the privileges of another user (usually root), while su allows you to switch to another user.

So, in concrete terms, when you run sudo su, you first use sudo to obtain the necessary privileges to run su, which in turn gives you a root shell.

A. Why is this not advisable?

With sudoEvery command executed is recorded in logs, enabling precise tracking of actions carried out with elevated privileges. So there's an interest in traceability. When you use sudo suonly the execution of su is given by sudoand not the commands executed in the shell root that follows.

In addition, on a Linux machine, the administrator can use sudo to authorize only a restricted set of commands for a given user, thus reinforcing security. Switching to a full shell sudo suThe user bypasses this limitation and obtains unrestricted access.

B. Recommended alternatives

Rather than using this command, we recommend using the native options of the sudo command, namely :

  • sudo -i to obtain a root shell with the root environment loaded (variables, profile, etc.), as an alternative to sudo su -.
  • sudo -s to obtain a root shell while preserving the current user's environment, as an alternative to sudo su.

IV. Conclusion

By reading this article, you should better understand the differences between sudo, su, and su - under Linux. This will also enable you to use the right command, depending on the context and your needs.

Keep the following in mind:

  • The sudo command lets you execute a command as another user, usually root.
  • When you use suto switch to user root, you retain the current user's environment.
  • When you use su - to switch to user root, you load the complete environment of user root.
  • The sudo -i and sudo -s commands are recommended alternatives to sudo su and sudo su -.
author avatar
Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
See Full Bio
social network icon social network icon social network icon
Share on X Share on Facebook Share on Linkedin Send by e-mail

You May Also Like

Linux - Master File Permissions with the chmod Command

Linux : how to manage permissions with the chmod command?

Florian Burnel 0
Linux - Learn How to Use the chown Command

Linux : how to change the owner of a file with the chown command?

Florian Burnel 0
Linux - The mv command - examples of use

The mv command under Linux: examples of use

Florian Burnel 0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.