As Linux administrators, you have to go through tons of things like securing the system against unknown access and creating standard users instead of allowing direct root access.
Sometimes, even the normal user requires some extra privileges depending upon their role. Switching to a different user or accessing a root account is one of them.
However, there are no single but multiple ways to switch to a different user or superuser in Linux. It may create confusion for beginners as to which command to use and which command is relevant in which situation.
Suggestion: What will happen if I run “sudo rm -rf /” on Linux?
Today, in this beginner’s guide, you will learn about the different ways and how they differ from each other, and when to use them to switch to another user or get root access in Linux.
Table of Contents
su
The su
command is the most basic command to switch a current user to another account or superuser without changing the current working directory and user environment.
The usage is pretty simple. If you want to switch to any specific user, like trendoceans,
then specify the su
with username
as an argument and then it will ask for a user password that you need to enter in order to get account access, as shown below.
trendoceans@linux:~$ su jake
Password:
$ whoami
jake
To switch to a superuser or root account, execute su
without any arguments, and then it will ask for the root account password, as shown below.
trendoceans@linux:~$ su
Password:
root@linux:/home/trendoceans# whoami
root
As you see, the su
command is effective for switching to another account or superuser if you know their account password. However, it also prevents a user from accessing the account if they do not know the target account password.
For example, in order to access the root account, I need to know the root account password; otherwise, I’ll not be able to gain access.
Also Read: Create New User with Sudo Privileges using Command-Line
But don’t worry, there are a few more ways to access another user’s account or gain access to superusers without knowing their password, which we are about to learn.
sudo su
The sudo su
is similar to the standard su
command, only the difference is that executing su
will ask for that user account password. However, using sudo su
to switch to another user account or superuser requires the current user password.
Note: Giving access to
sudo
will let users switch to any account using thesudo su
command, which might be unnecessary for them and system security. It is recommended to give access tosudo
andsu
to only trusted users and disable them for untrusted users.
Also Read: Revoke Users SUDO privileges in Linux
As you see below, I will try to access the jake
account without knowing its password but using my current password.
trendoceans@linux:~$ sudo su jake
[sudo] password for trendoceans:
$ whoami
jake
Same with the superuser account, which will require my current password when accessed using the sudo su
command.
trendoceans@linux:~$ sudo su
[sudo] password for trendoceans:
root@linux:/home/trendoceans# whoami
root
When you access or switch to another user account, you are able to set environment variables. However, sudo su
creates multiple setuid
which makes it more challenging to know which variable will be kept and which one will be changed.
Also Read: How to Disable ‘su’ Access for Sudo Users in Linux
To prevent it from happening and get a cleaner version we will use the sudo -i
command, which you are about to learn.
sudo -i
It is similar to the sudo su
command but way better because you do not have to directly interact with the root user.
For example, if you want to execute the whoami
command without switching to the user, then specify the command as an argument to the sudo -i
command and then it will ask for the current account password, as shown below.
trendoceans@linux:~$ sudo -i whoami
[sudo] password for trendoceans:
root
If you want to completely switch to the root account, then execute the sudo -i
command without any arguments.
trendoceans@linux:~$ sudo -i
[sudo] password for trendoceans:
root@linux:~# whoami
root
And the best part about using this command is that you can share the environment variables with the root account without worrying about them being changed.
trendoceans@linux:~$ test=this_is_variable
trendoceans@linux:~$ echo $test
this_is_variable
trendoceans@linux:~$ sudo -i echo $test
[sudo] password for trendoceans:
this_is_variable
As you can see, sudo su
and sudo-i
are very identical, only sudo -i
is a cleaner and simpler way to gain root access without directly interacting with the root user.
Also Read: How to run sudo command without password
Another difference is that sudo -i
does not create multiple setuid
commands in the background, which makes it easier to figure out which environmental variable will be kept and which one will be changed.
sudo -s
It allows you to run the command as root and does not require a root account password. Do you think it is similar to the above two commands? Then you are wrong. The other sudo su
and sudo -i
commands take the user of root environment variables.
Unlike the other two commands, it will not read or change any of the user’s environmental files. It is best used when you want to access the root account with its $SHELL
environmental value.
trendoceans@linux:~$ sudo -s
[sudo] password for trendoceans:
root@linux:/home/trendoceans# whoami
root
TLDR
su: will allow you to switch to any user account or superuser account with their account password.
sudo su: can also be used to switch to any normal or root user account with your current password.
sudo -i: This allows you to interactively access the root account without direct access using your current password.
sudo -s: This allows you to access the root account without touching the environment files using your current password. By default, when you execute any command with sudo
in front of it, it will use this method for execution.
Wrap Up
If you are still confused about which approach to follow, then I recommend you use any of the sudo -i
or sudo -s
commands.
But remember, both are not 100% great choices. Most of the time, it depends upon the situation which command is most suitable to get the job done.
If you still have any confusion or questions, then do let us know in the comment section.
Innovative tech mind with 12 years of experience working as a computer programmer, web developer, and security researcher. Capable of working with a variety of technology and software solutions, and managing databases.