
When to use ‘su’ vs. ‘sudo’ in Linux: A comprehensive guide

This guide compares 'su' and 'sudo', two fundamental commands in Linux for managing user privileges. Learn the differences in their usage, security implications, and scenarios where each command is most effective, enhancing your understanding of Linux system administration and security.

by Divya Kiran Kumar

Linux, known for its robustness and flexibility, offers various tools for managing user permissions. Two such critical tools are su and sudo. As a long-time Linux user, I’ve had my fair share of experiences (and sometimes frustrations) with both. In this article, I’ll delve into the intricacies of su and sudo, how they differ, and guide you through configuring them on your system.

What are su and sudo?

The su command

su, short for ‘switch user’, is a command used to switch the current user context to another user. When run without any arguments, it defaults to switching to the root user. This command is handy, but it has its drawbacks, such as the need to share the root password, which I’ve always found a bit unsettling from a security standpoint.

Example usage:

$ su
Password:
# 

Did you get the “su: Authentication failure” error when you ran su?

Encountering an “Authentication failure” message when trying to use su is a common issue, especially for new Linux installations or users. This often happens when the root user’s password is not set or if you’re entering the wrong password. Let’s address how to set up or reset the root password, which should solve this issue.

Understanding the root user

The root user, also known as the superuser, is the most powerful user in the Linux environment. It has unrestricted access to all commands and files. In many Linux distributions, especially those based on Ubuntu, the root user is not intended to be accessed directly. Instead, sudo is used for administrative tasks. However, in some cases, direct root access might be necessary.

Setting up or resetting the root password

If you’ve never set a root password or have forgotten it, you can set or reset it using the following steps. Note that you’ll need physical access to the machine or access to the console through a virtual machine manager.

The sudo command

sudo, standing for ‘superuser do’, allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. This tool is a staple in my Linux toolkit, as it provides fine-grained control over who can do what.

Example usage:

$ sudo apt update
[sudo] password for user: 

Configuring sudo

1. Installing sudo

Not all Linux distributions come with sudo pre-installed. To install it, you typically need root access.

On Debian/Ubuntu:

$ su
# apt-get install sudo

On CentOS/RHEL:

$ su
# yum install sudo

2. Editing the sudoers file

Editing the sudoers file is a critical step in configuring sudo. This file, typically located at /etc/sudoers, dictates who can run what commands on your system. It’s essential to edit this file with care to prevent any misconfigurations that could lead to security vulnerabilities or even lock you out of administrative access.

Why use visudo?

Always edit the sudoers file using the visudo command. This command opens the file in a safe editing environment (usually the default text editor for your system) and more importantly, checks for syntax errors before saving. A syntax error in the sudoers file could render sudo unusable, requiring a fix through recovery mode or root access.

Example:

$ su
# visudo

Sample sudoers file configuration

Here’s an example of what you might see in a sudoers file:

# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

In this file:

  • root ALL=(ALL:ALL) ALL: This line means the root user can execute any command on any host as any user.
  • %admin ALL=(ALL) ALL: Any user in the ‘admin’ group can execute any command on any host as any user.
  • %sudo ALL=(ALL:ALL) ALL: Similarly, any user in the ‘sudo’ group has full privileges to execute any command.

Adding a user to the sudoers file

To add a user directly to the sudoers file (although adding them to a group with sudo privileges is generally preferable for manageability), you’d add a line like this:

john ALL=(ALL:ALL) ALL

This line allows the user ‘john’ to execute any command on the system.

Restricting command execution

One of my favorite features of sudo is the ability to restrict users to execute only certain commands. For instance, if you want to allow a user to only run the apt-get update and apt-get upgrade commands, you would add a line like this in the sudoers file:

jane ALL= NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade

In this example:

  • jane is the username.
  • ALL= signifies that this rule applies to all hosts.
  • NOPASSWD: allows the user to execute the specified commands without entering their password (remove NOPASSWD: if you prefer the user to enter their password).
  • /usr/bin/apt-get update, /usr/bin/apt-get upgrade are the only commands Jane is allowed to run with sudo.

This precise control over command execution is particularly useful in environments where users need limited administrative capabilities without full sudo privileges.

Tips for editing the sudoers file

  • Always use visudo: As mentioned, this helps prevent syntax errors.
  • Understand the syntax: The sudoers file syntax is quite powerful but also complex. Make sure you understand the changes you’re making.
  • Test with caution: After editing the sudoers file, test the configuration with a non-critical command to ensure that your user has the intended privileges and that other sudo functionalities are not compromised.
  • Backup: Before making changes, it’s a good practice to create a backup of the existing sudoers file. This can be a lifesaver if something goes wrong. Simply copy the file to another location:

$ sudo cp /etc/sudoers /etc/sudoers.backup

3. Granting sudo privileges

To allow a user to run all commands as any user, add the following line in the sudoers file:

username ALL=(ALL:ALL) ALL

For more restricted privileges, you can specify commands:

username ALL=/usr/bin/apt-get, /usr/bin/systemctl
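
To review the kinds of grants shown in the last two sections, here is an added example (not from the original article, and not part of sudo) of a small auditor that flags rules granting ALL commands, rules tagged NOPASSWD, and command paths listed without arguments. The names audit and SAMPLE are hypothetical, and it assumes simple one-line rules like the ones on this page (no aliases, no per-command run-as lists).

```python
import re

# user/group, host list, optional (runas), then the command list
SPEC = re.compile(r'^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$')
TAGS = re.compile(r'^((?:[A-Z_]+:\s*)*)(.*)$')   # e.g. "NOPASSWD: "
SKIP = ('#', '@include', 'Defaults', 'User_Alias', 'Runas_Alias',
        'Host_Alias', 'Cmnd_Alias')

def audit(text):
    """Return (who, command, findings) for each grant worth a second look."""
    report = []
    for line in text.replace('\\\n', ' ').splitlines():  # join continuations
        line = line.strip()
        m = None if line.startswith(SKIP) else SPEC.match(line)
        if not m or m.group(1) == 'root':     # root's own entry is expected
            continue
        who, cmds = m.group(1), m.group(4)
        nopasswd = False      # a tag applies to the rest of the command list
        for item in re.split(r'(?<!\\),', cmds):
            tags, cmd = TAGS.match(item.strip()).groups()
            names = re.findall(r'[A-Z_]+', tags)
            if 'NOPASSWD' in names:
                nopasswd = True
            elif 'PASSWD' in names:
                nopasswd = False
            findings = []
            if cmd == 'ALL':
                findings.append('all-commands')
            elif cmd.startswith('/') and len(cmd.split()) == 1 and not cmd.endswith('/'):
                findings.append('any-arguments')  # bare path: sudo accepts any args
            if nopasswd:
                findings.append('nopasswd')
            if findings:
                report.append((who, cmd, findings))
    return report

# Constructed input: the rules shown in this article, collected into one string.
SAMPLE = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
jane ALL= NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade
username ALL=/usr/bin/apt-get, /usr/bin/systemctl
"""

if __name__ == '__main__':
    for who, cmd, findings in audit(SAMPLE):
        print(f'{who:10} {cmd:28} {", ".join(findings)}')
```

A path listed without arguments, such as /usr/bin/systemctl, permits every subcommand and argument of that program. Listing the exact arguments, as the jane rule does, is what narrows the grant.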

4. Creating an alias for sudo (optional)

Sometimes, typing sudo for every command can be a bit tiresome. You can create an alias for frequently used commands. For example, updating the system:

alias update='sudo apt update && sudo apt upgrade'

After adding this alias in your .bashrc or .zshrc, you just type update in the terminal, and it does the job. It’s a small trick, but it adds a bit of convenience to your daily routine.

The importance of secure configuration

Both su and sudo are powerful tools, and with great power comes great responsibility. Ensuring that only authorized users have sudo access is crucial for system security. I’ve seen instances where careless sudo configuration led to security breaches. Always be cautious and precise when editing the sudoers file.

Personal preferences and best practices

When to use su

I generally reserve su for scenarios where I need a root shell for an extended period or for running scripts that require root access throughout. However, I try to avoid using su for day-to-day tasks due to the security risks of having a full root shell open.

When to use sudo

sudo is my go-to for most administrative tasks. It’s safer, as it provides a temporary elevation of privileges. Plus, sudo logs all commands run, which is helpful for auditing purposes.
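
To make use of that audit trail, here is an added example (not from the original article) that parses sudo's syslog entries and lists the refused attempts. The log lines are constructed samples, the names parse, denials and SAMPLE_LOG are hypothetical, and it assumes the default syslog format, which is usually written to /var/log/auth.log on Debian/Ubuntu and /var/log/secure on CentOS/RHEL.

```python
import re

# "<timestamp> <host> sudo[pid]:  <invoker> : field ; field ; ... ; COMMAND=..."
LINE = re.compile(r'sudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : (?P<body>.*)$')

def parse(line):
    """Parse one sudo syslog line into a dict, or return None for other lines."""
    m = LINE.search(line)
    if not m:
        return None
    # sudo writes COMMAND last and it may contain " ; ", so cut it off first.
    head, _, command = m['body'].partition('COMMAND=')
    event = {'invoker': m['invoker'], 'denied': None, 'command': command}
    for part in filter(None, (p.strip() for p in head.split(' ; '))):
        key, sep, value = part.partition('=')
        if sep and key.isupper():
            event[key.lower()] = value   # TTY, PWD, USER (the run-as user)
        else:
            event['denied'] = part       # free-text refusal reason
    return event

def denials(log_text):
    """Return (invoker, reason, command) for every refused sudo attempt."""
    events = filter(None, map(parse, log_text.splitlines()))
    return [(e['invoker'], e['denied'], e['command'])
            for e in events if e['denied']]

# Constructed sample log lines (host and users are made up).
SAMPLE_LOG = """\
Jan 10 09:12:44 web01 sudo:     jane : TTY=pts/0 ; PWD=/home/jane ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 10 09:12:44 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by jane(uid=1000)
Jan 10 09:13:02 web01 sudo:     jane : command not allowed ; TTY=pts/0 ; PWD=/home/jane ; USER=root ; COMMAND=/usr/bin/systemctl restart ssh
Jan 10 09:14:10 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls /root
Jan 10 09:15:30 web01 sudo:     jane : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/jane ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
"""

if __name__ == '__main__':
    for invoker, reason, command in denials(SAMPLE_LOG):
        print(f'{invoker:6} {reason:30} {command}')
```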

Best practices

  • Regularly review your sudoers file for any unnecessary permissions.
  • Use sudo instead of su for daily administrative tasks.
  • Always use visudo to edit the sudoers file to avoid syntax errors.

This table highlights the fundamental differences and use-cases for su and sudo. Depending on your specific needs and the security requirements of your system, you might favor one over the other.

Comparing ‘su’ and ‘sudo’ in Linux: Key differences and uses

su | sudo
Switches to another user, typically root | Executes a command as another user, typically root
Requires the target user’s (root’s) password | Requires the executing user’s password
Provides the environment and privileges of the target user | Can limit environment and command-specific privileges
Ideal for extended operations as another user | Best for single command execution with elevated privileges
No built-in mechanism for command logging | Logs all executed commands, aiding in system audits
Generally less secure due to extended privileges | More secure with granular permission control
Not configured by default on some systems like Ubuntu | Often pre-configured for administrative users in many distributions
Once switched, allows execution of any command as that user | Can restrict users to specific commands
Used less frequently in recent distributions | Preferred method in most modern Linux environments

Frequently Asked Questions (FAQ) about su and sudo in Linux

Here are some of the common questions around su and sudo. If you have more questions or need further clarification, feel free to ask in the comment form below!

Q1: What is the difference between su and sudo?

  • A: su (switch user) is used to switch to another user account, and by default, it switches to the root account. It requires the target user’s password. sudo (superuser do), on the other hand, allows a permitted user to execute a command as another user (typically the superuser), based on predefined rules in the sudoers file, and requires the executing user’s password.

Q2: Is it safer to use sudo than su?

  • A: Generally, yes. sudo provides more granular control over permissions and limits the scope of elevated privileges. It also logs executed commands, adding an audit trail. su gives extended access (especially when switching to root), which can be riskier.

Q3: How do I add a user to the sudoers file?

  • A: To add a user to the sudoers file, use the visudo command to edit the file. Then, add a line like username ALL=(ALL:ALL) ALL, replacing ‘username’ with the actual username. This allows the user to execute any command with sudo.

Q4: Can I use sudo without a password?

  • A: Yes, but it’s not recommended for security reasons. To enable passwordless sudo for a user, add NOPASSWD: in the sudoers file like this: username ALL=(ALL) NOPASSWD: ALL.

Q5: How do I recover if I’m locked out due to a sudoers syntax error?

  • A: If you’re locked out because of a syntax error in the sudoers file, you will need to boot into recovery mode or use a live CD/USB to access your filesystem. Then, mount your root partition and manually correct the syntax error in the sudoers file.

Q6: Why might I need to use su instead of sudo?

  • A: su is useful when you need to perform several consecutive commands as another user, especially as root, without being prompted for a password each time. It’s also used in scripts or when sudo isn’t available or configured.

Q7: How do I see what commands I am allowed to run with sudo?

  • A: You can see your sudo privileges by running sudo -l. This command lists the allowed (and forbidden) commands for your user based on the sudoers file configuration.

Q8: Can sudo access be restricted to specific commands?

  • A: Yes, sudo can be configured to restrict a user to run only specific commands. This is done by specifying the commands in the sudoers file next to the username.

Q9: What should I do if I forget the root password?

  • A: If you forget the root password, you can reset it by booting into recovery mode (as detailed in the section “Resolving ‘su: Authentication failure’ in Linux”) and using the passwd command to set a new password.

Q10: Is it possible to run GUI applications with sudo?

  • A: Yes, but it’s not recommended due to security risks. Instead, use gksudo, kdesudo, or pkexec for GUI applications, which are designed for this purpose, though their availability depends on the distribution.

Conclusion

Understanding and correctly configuring su and sudo is crucial for efficient and secure Linux system management. Throughout this discussion, we’ve explored the intricate details of su and sudo in Linux, underscoring their distinct roles and operational mechanisms. While su offers a straightforward method for switching user contexts, especially for prolonged root access, sudo stands out for its ability to provide controlled, temporary superuser privileges, adding an extra layer of security and flexibility.


©2016-2023 FOSS LINUX
