The Difference Between Su, Sudo Su, Sudo -i, and Sudo -s

As Linux administrators, you have to go through tons of things like securing the system against unknown access and creating standard users instead of allowing direct root access.

Sometimes, even the normal user requires some extra privileges depending upon their role. Switching to a different user or accessing a root account is one of them.

However, there are no single but multiple ways to switch to a different user or superuser in Linux. It may create confusion for beginners as to which command to use and which command is relevant in which situation.

Today, in this beginner’s guide, you will learn about the different ways and how they differ from each other, and when to use them to switch to another user or get root access in Linux.

su

The su command is the most basic command to switch a current user to another account or superuser without changing the current working directory and user environment.

The usage is pretty simple. If you want to switch to any specific user, like trendoceans, then specify the su with username as an argument and then it will ask for a user password that you need to enter in order to get account access, as shown below.

[email protected]:~$ su jake
Password: 
$ whoami
jake

To switch to a superuser or root account, execute su without any arguments, and then it will ask for the root account password, as shown below.

[email protected]:~$ su
Password: 
[email protected]:/home/trendoceans# whoami
root

As you see, the su command is effective for switching to another account or superuser if you know their account password. However, it also prevents a user from accessing the account if they do not know the target account password.

For example, in order to access the root account, I need to know the root account password; otherwise, I’ll not be able to gain access.

But don’t worry, there are a few more ways to access another user’s account or gain access to superusers without knowing their password, which we are about to learn.

sudo su

The sudo su is similar to the standard su command, only the difference is that executing su will ask for that user account password. However, using sudo su to switch to another user account or superuser requires the current user password.

Note: Giving access to sudo will let users switch to any account using the sudo su command, which might be unnecessary for them and system security. It is recommended to give access to sudo and su to only trusted users and disable them for untrusted users.

As you see below, I will try to access the jake account without knowing its password but using my current password.

[email protected]:~$ sudo su jake
[sudo] password for trendoceans: 
$ whoami
jake

Same with the superuser account, which will require my current password when accessed using the sudo su command.

[email protected]:~$ sudo su
[sudo] password for trendoceans: 
[email protected]:/home/trendoceans# whoami
root

When you access or switch to another user account, you are able to set environment variables. However, sudo su creates multiple setuid which makes it more challenging to know which variable will be kept and which one will be changed.

To prevent it from happening and get a cleaner version we will use the sudo -i command, which you are about to learn.

sudo -i

It is similar to the sudo su command but way better because you do not have to directly interact with the root user.

For example, if you want to execute the whoami command without switching to the user, then specify the command as an argument to the sudo -i command and then it will ask for the current account password, as shown below.

[email protected]:~$ sudo -i whoami
[sudo] password for trendoceans: 
root

If you want to completely switch to the root account, then execute the sudo -i command without any arguments.

[email protected]:~$ sudo -i
[sudo] password for trendoceans: 
[email protected]:~# whoami
root

And the best part about using this command is that you can share the environment variables with the root account without worrying about them being changed.

[email protected]:~$ test=this_is_variable
[email protected]:~$ echo $test
this_is_variable
[email protected]:~$ sudo -i echo $test 
[sudo] password for trendoceans: 
this_is_variable

As you can see, sudo su and sudo-i are very identical, only sudo -i is a cleaner and simpler way to gain root access without directly interacting with the root user.

Another difference is that sudo -i does not create multiple setuid commands in the background, which makes it easier to figure out which environmental variable will be kept and which one will be changed.

sudo -s

It allows you to run the command as root and does not require a root account password. Do you think it is similar to the above two commands? Then you are wrong. The other sudo su and sudo -i commands take the user of root environment variables.

Unlike the other two commands, it will not read or change any of the user’s environmental files. It is best used when you want to access the root account with its $SHELL environmental value.

[email protected]:~$ sudo -s
[sudo] password for trendoceans: 
[email protected]:/home/trendoceans# whoami
root

TLDR

su: will allow you to switch to any user account or superuser account with their account password.

sudo su: can also be used to switch to any normal or root user account with your current password.

sudo -i: This allows you to interactively access the root account without direct access using your current password.

sudo -s: This allows you to access the root account without touching the environment files using your current password. By default, when you execute any command with sudo in front of it, it will use this method for execution.

Wrap Up

If you are still confused about which approach to follow, then I recommend you use any of the sudo -i or sudo -s commands.

But remember, both are not 100% great choices. Most of the time, it depends upon the situation which command is most suitable to get the job done.

If you still have any confusion or questions, then do let us know in the comment section.

Leave a Reply