Understanding the Key Differences Between sudo and su in Linux

Overview

The Linux commands sudo and su both allow a user to gain elevated privileges, but they operate in fundamentally different ways. Understanding these differences helps administrators choose the right tool for a given task.

sudo

sudo

requires the password of the current (non‑root) user. It is designed to run a single command with root (or another specified) privileges. After the command finishes, the session returns to the original user. By default, Ubuntu grants a 15‑minute grace period during which the password is not asked again. The user must be listed in /etc/sudoers to use sudo.

Typical usage examples:

sudo apt update

sudo -i

– start an interactive root shell without repeatedly entering the password (still requires sudo rights). sudo su – run su with elevated privileges, effectively switching to root after sudo authentication.

su

su

(substitute user) switches the current session to another user’s identity. It asks for the password of the target account (root password when switching to root). By default it opens a new shell, preserving the original environment unless the - (login) option is used.

Key points: su does not require the invoking user to be in sudoers.

Without -, environment variables remain those of the original user.

With - (e.g., su - root), the environment is fully replaced by the target user’s environment, and the working directory changes to the target’s home (e.g., /root).

Comparative Examples

Switching to root with su: su root – enter root password; stays in the current directory. su - root – enter root password; changes to /root and loads root’s environment.

Elevating to root with sudo: sudo -i – start an interactive root shell after entering the current user’s password; no time limit once entered. sudo su – run su as root, effectively achieving the same result as su - but authenticated via sudo.

Important Notes

Both commands have distinct security models: sudo provides fine‑grained control and auditability, while su offers a straightforward user switch. Choosing between them depends on whether you need temporary privileged execution of a single command ( sudo) or a full user session ( su).