Understanding and Using the su and sudo Commands in Linux
This article systematically explains the differences, usage patterns, and practical examples of the Linux su and sudo commands, covering user creation, login‑shell vs non‑login‑shell switches, the -c option, sudoers configuration, and security considerations for privilege escalation.
Before diving into the commands, several test users are created using useradd (or its absolute path /usr/sbin/useradd) because switching users requires existing accounts.
1. Preparation
Switch to the root account with su -, create test_user with useradd -m test_user, set its password with passwd test_user, then exit back to the original ubuntu user.
ubuntu@VM-0-14-ubuntu:~$ su -
Password: ********
root@VM-0-14-ubuntu:~# useradd -m test_user
root@VM-0-14-ubuntu:~# passwd test_user
Enter new UNIX password: ********
Retype new UNIX password: ********
passwd: password updated successfully
root@VM-0-14-ubuntu:~# exit
logout
ubuntu@VM-0-14-ubuntu:~$
2. su command introduction and main usage
The su command stands for “switch user”. Using su <user_name> switches to the specified user with a non‑login shell, while su - <user_name> starts a login shell, loading the target user's environment variables.
su test_user # non‑login shell
su - test_user # login shell
Examples show that a non‑login shell retains the original PWD (e.g., /home/ubuntu), whereas a login shell updates it to the target user's home directory (e.g., /root).
2.3 The -c parameter
Instead of switching users first, you can execute a command as another user directly with su -c "command" <user_name>. Example:
ubuntu@VM-0-14-ubuntu:~$ su -c "tail -n 4 /etc/shadow"
Because no user name is given, su defaults to root, so this runs the command with root privileges and returns to the original user immediately.
3. sudo command introduction and main usage
sudo stands for “super user do”. It allows a permitted user to run a command as root (or another user) without exposing the root password. Common shortcuts include sudo !! to repeat the previous command with sudo.
ubuntu@VM-0-14-ubuntu:~$ tail -n 3 /etc/shadow
tail: cannot open '/etc/shadow' for reading: Permission denied
ubuntu@VM-0-14-ubuntu:~$ sudo !!
sudo tail -n 3 /etc/shadow
ntp:*:17752:0:99999:7:::
mysql:!:18376:0:99999:7:::
test_user:$6$.ZY1lj4m$...
Whether a user can use sudo is controlled by the /etc/sudoers file, which should be edited with visudo. An example entry granting password‑less sudo to ubuntu:
ubuntu ALL=(ALL:ALL) NOPASSWD: ALL
Adding the line test_user ALL=(ALL:ALL) ALL to the sudoers file enables sudo for that user.
3.3 sudoers file structure
Each line follows the pattern: user hosts=(runas) commands. The NOPASSWD tag removes the password prompt for the specified user.
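The following is an added example, not part of the original article: a small audit that splits each rule into the user, runas and commands fields described above and flags NOPASSWD grants. The sample input is constructed (the ubuntu and test_user lines are the ones shown earlier; the root and backup lines and the function names are assumptions), and the parser handles only simple one-line rules without aliases or continuations.

```shell
#!/bin/sh
# Added example: classify sudoers user rules of the form
#   user hosts=(runas) [TAG:] commands
# Simplified: one rule per line, no aliases, no line continuations.

# Constructed sample input; the ubuntu and test_user lines are the article's.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real host's sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
ubuntu ALL=(ALL:ALL) NOPASSWD: ALL
test_user ALL=(ALL:ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

# Reads sudoers lines on stdin; prints "LEVEL user runas commands" per rule.
#   HIGH   = NOPASSWD on ALL commands (passwordless root-equivalent)
#   MEDIUM = NOPASSWD on a restricted command list
#   INFO   = password-protected grant
audit_sudoers() {
    LC_ALL=C awk '
    /^[ \t]*(#|$)/                     { next }  # comments, blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and alias definitions
    {
        eq = index($0, "=")
        if (eq == 0) next                        # not a user rule
        user = $1
        rest = substr($0, eq + 1)
        runas = "root"                           # sudo default when (runas) is absent
        if (match(rest, /^[ \t]*\([^)]*\)/)) {
            runas = substr(rest, RSTART, RLENGTH)
            gsub(/[ \t()]/, "", runas)
            rest = substr(rest, RSTART + RLENGTH)
        }
        nopass = (rest ~ /NOPASSWD[ \t]*:/)
        gsub(/[A-Z_]+[ \t]*:/, "", rest)         # drop tags such as NOPASSWD:
        gsub(/^[ \t]+|[ \t]+$/, "", rest)        # trim
        level = "INFO"
        if (nopass) level = (rest == "ALL") ? "HIGH" : "MEDIUM"
        printf "%s %s %s %s\n", level, user, runas, rest
    }'
}

sample_sudoers | audit_sudoers
```

To review a real system, feed it the output of sudo cat /etc/sudoers; included files and alias expansion are outside what this sketch handles.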
4. Comparison between su and sudo
Using su - requires knowing the root password, so every user who needs root access has to be given it, which is insecure when many users are involved. sudo only needs the invoking user's password and allows fine‑grained control via /etc/sudoers, making it a safer method for privilege escalation.