This article explores the differences between the sudo
and su
commands in Linux. You can also watch this video to learn about these commands. Becoming root permanently with su
is a well-known 'no-no' in the *nix universe. Why? Because becoming root with su
means that you are root, which is the same as logging into a terminal as the root user with root's password. And that's dangerous for many reasons.
[ You might also enjoy: Linux command line basics: sudo ]
Working as root means that you have the power to:
- Remove any or all files
- Change the permissions of any or all files
- Change the runlevel of the system
- Alter user accounts
- Mount or unmount filesystems
- Remove or install software
- Create, remove, and alter file systems
Basically, you can do anything to the system as the root user. It is the all-powerful administrative account. And, unlike other more chatty operating systems, you won't see a, "Are you sure?" dialog to be sure that the rm -rf *
command you just issued was in /opt/tmp
rather than at /
. As you can imagine, errors made as the root user can be irreversible and devastating. There is an alternative: sudo
.
sudo
sudo
, which is an acronym for superuser do or substitute user do, is a command that runs an elevated prompt without a need to change your identity. Depending on your settings in the /etc/sudoers
file, you can issue single commands as root or as another user. To continue running commands with root power, you must always use the sudo command. For example, if you want to install the Nginx package, you run:
$ dnf install nginx
But you will see an error if you are not root or in the sudo group. Instead, if you run this command:
$ sudo dnf install nginx
You will be asked to type your password, and then you can run the command if you are a part of the sudo group.
A simple way to switch to an interactive session as a root user is the following:
$ sudo -i
The theory behind using sudo is that the act of issuing the sudo command before any command you run makes you think more about what you're doing and hopefully make fewer mistakes with an account that possesses unlimited power.
su
su
, on the other hand, is an acronym for switch user or substitute user. You are basically switching to a particular user and you need the password for the user you are switching to. Most often, the user account you switch to is the root account but it can be any account on the system.
For example, if you type:
$ su -
In the above example, you are switching to root and you need the root password. The (-
) switch provides you with root's environment (path and shell variables) rather than simply giving you root user power for a single command while keeping your own environment.
$ su bryant
For the second example, you are switching to bryant, and so you need bryant's password unless you are root.
If you want to switch to the bryant user account including bryant's path and environment variables, use the (-
) switch:
$ su - bryant
The (-
) switch has the same effect as logging into a system directly with that user account. In essence, you become that user.
Wrap up
Recapping what you've learned.
sudo
lets you issue commands as another user without changing your identity- You need to have an entry in
/etc/sudoers
to execute these restricted permissions sudo -i
brings you to an interactive session as rootsu
means to switch to a particular user- Just typing
su
switches to the root user sudo
will ask for your password, whilesu
will ask for the password for the user whom you are switching to
[ Want to learn more about security? Check out the IT security and compliance checklist. ]
But when do you use one, not another? Since the sudo
policy is defined in /etc/sudoers
, this can give powerful permission controls. Since sudo
can pretty much do everything that su
can, I would say it is best to stick with sudo
unless you are working with some legacy codes that require the su
command.
Sobre el autor
Bryant Jimin Son is a Consultant at Red Hat, a technology company known for its Linux server and opensource contributions. At work, he is working on building the technology for clients leveraging the Red Hat technology stacks like BPM, PAM, Openshift, Ansible, and full stack development using Java, Spring Framework, AngularJS, Material design. Prior to joining Red Hat, Bryant was at Citi Group's Citi Cloud team, building the private Infrastructure as a Service (IaaS) cloud platform serving 8,000+ teams across Citi departments. He also worked at American Airlines, IBM, and Home Depot Austin Technology Center. Bryant graduated with Bachelor of Sciences in Computer Science and Aerospace Engineering with minor concentration in Business at University of Texas at Austin.
He is also the President and Founder of Korean American IT Association group, known as KAITA (www.kaita.org). He is an avid coder spending extra time on building side projects at cafes, and he travels every week on business. He also loves to work out daily and to grow KAITA.
Navegar por canal
Automatización
Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
Inteligencia artificial
Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
Nube híbrida abierta
Vea como construimos un futuro flexible con la nube híbrida
Seguridad
Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
Edge computing
Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infraestructura
Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
Aplicaciones
Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Programas originales
Vea historias divertidas de creadores y líderes en tecnología empresarial
Productos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servicios de nube
- Ver todos los productos
Herramientas
- Training y Certificación
- Mi cuenta
- Soporte al cliente
- Recursos para desarrolladores
- Busque un partner
- Red Hat Ecosystem Catalog
- Calculador de valor Red Hat
- Documentación
Realice pruebas, compras y ventas
Comunicarse
- Comuníquese con la oficina de ventas
- Comuníquese con el servicio al cliente
- Comuníquese con Red Hat Training
- Redes sociales
Acerca de Red Hat
Somos el proveedor líder a nivel mundial de soluciones empresariales de código abierto, incluyendo Linux, cloud, contenedores y Kubernetes. Ofrecemos soluciones reforzadas, las cuales permiten que las empresas trabajen en distintas plataformas y entornos con facilidad, desde el centro de datos principal hasta el extremo de la red.
Seleccionar idioma
Red Hat legal and privacy links
- Acerca de Red Hat
- Oportunidades de empleo
- Eventos
- Sedes
- Póngase en contacto con Red Hat
- Blog de Red Hat
- Diversidad, igualdad e inclusión
- Cool Stuff Store
- Red Hat Summit