ZhangZhihui's Blog  
Linux - Difference between sudo and su

sudo su - sas

 

Both su and sudo are used to gain administrative (root) privileges in Linux, but they work in fundamentally different ways regarding security, identity, and logging.

The simplest way to remember it is: su means switching your identity, while sudo means borrowing permission.

1. The su Command (Substitute User)

su is the older, traditional way to become another user (usually the root/superuser).

  • How it works: When you type su, you are asked for the Root password.

  • The Result: You become the root user entirely. You stay in the root shell until you type exit.

  • The Risk: You must share the actual root password with anyone who needs it. This is dangerous because if that password is leaked, the whole system is compromised.

  • Usage: su - (The - ensures you also get the root user's environment variables and path).

2. The sudo Command (SuperUser Do)

sudo is the modern, preferred method for administrative tasks.

  • How it works: When you type sudo <command>, you are asked for your own user password.

  • The Result: The system checks a special file (the sudoers file) to see if you have permission to run that command. If you do, it runs that single command with root privileges and then "drops" you back to your normal user level.

  • The Benefit: You never need to know the root password. Admins can grant specific people permission to run specific commands without giving them "the keys to the kingdom."

  • Usage: sudo apt update or sudo systemctl restart nginx.

Key Differences at a Glance

Feature su sudo
Password Required Root's password. Your own password.
Scope Switches the entire shell session. Usually runs a single command.
Logging/Audit Poor (hard to see who did what). Detailed (logs exactly who ran what command).
Security High risk (password sharing). Low risk (granular control).
Default in Ubuntu Root account is usually locked. Primary way to manage the system.

 

 Can I use 'su - another_user' ?

 

Yes, you absolutely can. The command su - another_user is the standard way to switch from your current account to a different user account on a Linux system.

What the - (hyphen) does

The hyphen is a shortcut for --login. It is arguably the most important part of the command because it tells the system to provide a fresh login environment for that user.

When you use the hyphen:

  • Directory change: You are automatically moved to that user's home directory (/home/another_user).

  • Environment variables: The system loads that user's specific profiles (like .bash_profile, .bashrc, or .profile).

  • Path: The $PATH variable is updated to match that user's permissions and tools.

Comparison: With vs. Without the hyphen

Command Effect Best For...
su another_user Switches user but keeps your current environment (you stay in your current folder and keep your current $PATH). Quick tasks where you need to run one command and don't care about the user's settings.
su - another_user Switches user and loads their full environment. Setting up software, running scripts, or doing work as if you actually logged in as that person.
posted on 2022-11-28 09:17  ZhangZhihuiAAA  阅读(0)  评论(0)    收藏  举报
 
博客园  ©  2004-2025
浙公网安备 33010602011771号 浙ICP备2021040463号-3