Commands.page Logo

Ubuntu su vs sudo: What Is the Difference?

In Ubuntu Linux, managing administrative privileges is crucial for system security and maintenance. Two common commands used for this purpose are su and sudo, but they function differently regarding authentication and access levels. This article explains the core distinctions between these tools, how Ubuntu handles root access by default, and which command you should use for everyday tasks.

The su Command

The su command stands for “switch user.” It allows you to start a new shell session as another user, typically the root user. To use su for administrative access, you must enter the root account password. Once authenticated, you remain in the root shell with full system privileges until you type exit. In Ubuntu, the root account is disabled by default, meaning su will not work unless you manually set a root password.

The sudo Command

The sudo command stands for “superuser do.” It allows a permitted user to execute a single command with administrative privileges. Instead of the root password, sudo requires the current user’s password. After the command executes, privileges revert to the standard user level immediately. Ubuntu configures sudo by default during installation, allowing designated users to perform administrative tasks without enabling the root account.

Core Differences

The primary difference lies in authentication and session scope. su requires the root password and opens a persistent root shell, while sudo requires the user’s password and elevates privileges for only one command. Additionally, sudo logs every command executed with elevated privileges, creating an audit trail. su does not provide the same level of logging granularity. Because Ubuntu disables the root login by default, sudo is the only working option out of the box.

Best Practice for Ubuntu

You should use sudo for all administrative tasks in Ubuntu. It is more secure because it limits the time spent with elevated privileges and prevents accidental system-wide changes. Using sudo also aligns with Ubuntu’s security model, which avoids the use of the root account for daily operations. Enable the su command only if you have a specific requirement for a persistent root shell session.