Why Use sudo Instead of Root? Understanding Linux Privilege Management

Linux systems commonly involve two concepts: the sudo command and the root account. While root has unrestricted privileges for all commands, sudo allows specific commands to run with elevated rights.

What is root?

Root is the superuser account in Unix-like systems, identified by UID 0. It has full control over the system, enabling actions such as modifying core components, upgrading the system, changing configurations, and managing all services.

When logging in as root (e.g., using su -), the shell prompt changes from a normal user prompt to a root prompt.

$ echo 'You are in a normal shell'
# echo 'This is a root shell'

On some distributions like Ubuntu, the root account is locked by default.

What is sudo?

The sudo (superuser do) command is a command‑line utility that lets a permitted user execute a command as root or another user, after authenticating with their own password. Unlike su, sudo does not open a root shell; it runs the specified program with elevated privileges.

Administrators can use sudo to:

Grant users or groups the ability to run certain commands with root rights.

Log each command and its arguments in /var/log/auth.log.

Control which commands a user may execute on the host.

sudoers file

The sudo configuration resides in /etc/sudoers and should be edited with the visudo command to prevent syntax errors. A typical excerpt looks like:

# This file MUST be edited with the 'visudo' command as root.
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
@includedir /etc/sudoers.d

The line root ALL=(ALL:ALL) ALL gives the root user unlimited permissions, while %sudo ALL=(ALL:ALL) ALL allows all members of the sudo group to run any command.

Note: In the sudoers file, the % symbol denotes a group, not a comment.

Using sudo

To run a command with sudo, simply prefix it with sudo:

$ sudo command

You will be prompted for your password; after entering it, the command executes with elevated rights.

sudo vs. root

The principle of least privilege advises granting only the minimum permissions necessary. Running commands as root gives every command full system rights, which can lead to accidental destructive actions, such as:

$ rm -rf /etc

When executed as a regular user, this command is denied, but as root it proceeds without warning, potentially breaking the system. sudo mitigates this risk by allowing fine‑grained control: only the specified command runs with root privileges, and the rest of the session remains under normal user rights.

Therefore, using sudo instead of a root shell reduces the chance of accidental system damage while still providing the necessary elevated access for specific tasks.