What's the difference between the commands "su -s" and "sudo -s"?



What is the difference between the two super user commands, su -s and sudo -s?

They both give a shell with access to the superuser account.


Posted 2009-07-15T07:11:46.370

Reputation: 1 526



In practice, they will both make you the superuser. However, they do slightly different things, in slightly different ways.

First, su - switches you to a login shell, whereas sudo -s does not. In practice, this often means that your environment variables will not be switch to root's for sudo -s. Note that you can run just su to not get a login shell, or sudo -i to get a login shell [not in all versions].

Secondly, su and su - switch to a new user by asking you to authenticate as the new user. sudo -s and sudo -i (and just regular sudo foo) let you run a command for which you're pre-authorized [see /etc/sudoers], possibly by asking you to confirm your current ID.

If you want to be really cute, you can also run sudo su -, which will request to login as root (su -) run by the root user (the sudo part).

If the root user is locked (such as on Ubuntu), you will not be able to login as root using su. In this case, you'll need to use sudo -s or sudo -i


Posted 2009-07-15T07:11:46.370

Reputation: 584

5It's also worth saying that on many distributions sudo gives no default privileges to regular users. On those systems, su is the only option. – Telemachus – 2009-07-16T11:02:51.193


su -s

Will switch to a user (in this case root) and launch the shell you specify, or one of few other methods of determining the shell. This is useful if you want to use zsh or another shell as root really quick... and for some reason you're not using sudo.

sudo -s

Just executes a shell using sudo, which would give you a root shell. You can pass a shell to it as well.

su -s is older, much older then the sudo -s command. My guess is that the developer is trying to make it as easy as possible to switch to using sudo.

Mark Turner

Posted 2009-07-15T07:11:46.370

Reputation: 901


su is a command to change to another user, either to run a shell or execute a specific command. You must authenticate as the other user. If you want to su to root, you need the root password.

sudo is a command to execute another command (optionally a shell) as a different user. You must authenticate as your own user. Permission to use sudo (and the specific things you can do with it) are specified by an administrator in the sudoers file.

If you give someone access to su (by, for example, giving them the root password), then they can do anything with it – run other commands, open a shell, change the password, login remotely via ssh, and so on. You're essentially giving them access to the other account, with 'su' being just one thing they can do with it.

sudo is much more fine-grained. You can grant privileges to a user, or to a group. You can allow a user or group to sudo within a certain timeframe (e.g. Monday to Friday, 9 AM to 5 PM). You can specify a specific list of commands they're allowed to run (e.g. only /usr/local/bin/run_backup) or you can specify a specific user they're allowed to run commands as (e.g. www, backup, staff, etc).

Besides its flexibility, sudo is a better solution in all cases, because it doesn't require access to anything the user doesn't already have. If you give someone sudo access, you can revoke it by removing their line in the sudoers file, or removing them from the sudoers group. If you delete their account, their access is gone.

If you give them the root password, even assuming they don't do anything unpleasant with it, then they will know it forever. If you have multiple people who need root access for administrative tasks, this means either changing all the root passwords whenever someone leaves, or assuming that it's ok for them to have full access to your systems after you leave.

Dan Udey

Posted 2009-07-15T07:11:46.370

Reputation: 439

good explanation of the differences between the two commands su and sudo. – John aka hot2use – 2016-02-22T10:49:27.173


  • su will ask you the root user password.
  • sudo will ask you your password (and you need to be cleared for sudo access to do that).


Posted 2009-07-15T07:11:46.370

Reputation: 3 457

2Generally this is the default behaviour for sudo, but it can also be configured to ask you for the root or other password. – theotherreceive – 2009-07-15T13:25:40.710


From Wikipedia:

su (short for substitute user or switch user) is a Unix command used to run the shell of another user without logging out.

A related command called sudo executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).

Yaakov Ellis

Posted 2009-07-15T07:11:46.370

Reputation: 380


One thing that isn't getting said fully is this: which one you can use often depends on what distribution you're using and who runs it. One or the other (su or sudo) is probably not set up for full use by default. So for example, as some people have mentioned, OS X and Ubuntu disable the root account (su) by default. Equally, Debian does not give regular users any default privileges to sudo. (On all these systems, you can change these defaults, but only if you have some kind of administrative privileges to begin with. I suppose we're talking about a non-server situation and you administrate the machine since we're on SU rather than SF, but just in case.)

Finally, if you want to use sudo in a more fine-grained way, you should look at man sudoers for how to edit the /etc/sudoers file. However, you should never edit it by hand. Use the program visudo - it will prevent you from saving your edits unless they are at least minimally sane. It's a great safeguard against simple errors which could lock you out of your own system's admin privileges.


Posted 2009-07-15T07:11:46.370

Reputation: 5 695


On systems where the superuser account is disabled, such as Mac OS X, su will not work; sudo -s will.

Also, it appears there is no su -s available, at least on my machine.


Posted 2009-07-15T07:11:46.370

Reputation: 8 350

The reverse is often true. That is, on many older unix-like distributions, regular users have no default privileges under sudo (which isn't even always installed). – Telemachus – 2009-07-16T11:01:38.077


This introduction may help you. su is shorthand for su root, and you keep your rights as the other user indefinitely. More dangerous, but also more convenient if you're doing many root-access commands over a period of time.

Nikhil Chelliah

Posted 2009-07-15T07:11:46.370

Reputation: 1 028


su will basically create a new login shell with another user privileges (login) sudo will just temporarily allow you to execute command using the user you specified. On some UNIX like FreeBDS there are no '-s' options.


Posted 2009-07-15T07:11:46.370

Reputation: 1 164