BestHub
Sign in
Operations 13 min read

Understanding and Using the su and sudo Commands on Linux

This article explains the differences between the su and sudo commands, demonstrates how to create users, switch between them using login and non‑login shells, shows practical examples with code snippets, and covers sudo configuration via the /etc/sudoers file for secure privilege escalation.

Architect's Tech Stack
Architect's Tech Stack
Architect's Tech Stack
Understanding and Using the su and sudo Commands on Linux

The tutorial begins by preparing test users on a Linux system using useradd and setting passwords with passwd , then shows how to switch to the new user or root with su .

ubuntu@VM-0-14-ubuntu:~$ su -
Password:          # enter root password
root@VM-0-14-ubuntu:~# useradd -m test_user
root@VM-0-14-ubuntu:~# passwd test_user
Enter new UNIX password: ...

It clarifies that su stands for "switch user" and compares the two invocation styles: su <user> (non‑login shell) and su - <user> (login shell), illustrating how environment variables like PWD differ between them.

# non‑login shell example
ubuntu@VM-0-14-ubuntu:~$ su
Password:          # root password
root@VM-0-14-ubuntu:/home/ubuntu# env | grep PWD
PWD=/home/ubuntu

# login shell example
ubuntu@VM-0-14-ubuntu:~$ su -
Password:          # root password
root@VM-0-14-ubuntu:~# env | grep PWD
PWD=/root

The article then introduces the -c option to execute a single command as another user without staying in that shell, e.g., su - -c "tail -n 4 /etc/shadow" .

ubuntu@VM-0-14-ubuntu:~$ su - -c "tail -n 4 /etc/shadow"
Password:          # root password
ubuntu:$1$fZKcWEDI$uwZ64uFvVbwpHTbCSgim0/:18352:0:99999:7:::
ntp:*:17752:0:99999:7:::
mysql:!:18376:0:99999:7:::

Next, it explains sudo ("super user do"), its typical usage to run commands with root privileges, and common shortcuts like sudo !! . It shows how sudo respects the /etc/sudoers configuration, allowing password‑less execution for users such as ubuntu .

# sudoers excerpt
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
ubuntu  ALL=(ALL:ALL) NOPASSWD: ALL

The guide demonstrates adding a new user ( test_user ) to /etc/sudoers so it can use sudo , then verifies the change with a command like sudo tail -n 3 /etc/shadow .

test_user ALL=(ALL:ALL) ALL   # added to sudoers
$ sudo tail -n 3 /etc/shadow
ntp:*:17752:0:99999:7:::
mysql:!:18376:0:99999:7:::
test_user:$6$.ZY1lj4m$ii0x9CG8h.JHlh6zKbfBXRuolJmIDBHAd5eqhvW7lbUQXTRS//...:18406:0:99999:7:::

Finally, it compares the security implications of using su - (requires the root password) versus sudo su - (uses the invoking user's password and is controlled via /etc/sudoers ), emphasizing that sudo provides finer‑grained, auditable privilege delegation.

linuxCommand-lineSystem Administrationsudosu
Architect's Tech Stack
Written by

Architect's Tech Stack

Java backend, microservices, distributed systems, containerized programming, and more.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment