There are many different ways to get a root session in the Linux terminal. This can be confusing, as most beginners who want to gain root access may not know how each command can gain root access, how they differ, and when those differences matter. Here we break down each of the many different commands used to gain root access in a terminal, explain how to get root, when to use them, and everything in between Su, Sudo Su, Sudo -s and Sudo -i.
su command substitutes the current user the system is using in the shell.
You can switch to any user by entering su and then adding a username. This will instruct the system to change the current user to the specified one (and basically log out). Alternatively, the su command can gain root access by typing su without specifying anything after the command.
“su” is best used when a user wants direct access to the root account of the system. It doesn’t go through sudo or anything like that. Instead, you will be prompted for the root user’s password when you literally log into it. Also, other ways of gaining root access do not have the advantage of gaining access to the root home directory and environment.
This command asks for the current user’s password as opposed to root.
It is essentially the same as running su in the shell, except for one key difference. Instead of telling the system to “switch users” directly, tell the system to run the “su” command as root. When sudo su is run, “.profile”, “.bashrc” and “/etc/profile” are started, similar to running su (or su root). When you run a command with sudo first, you get root privileges.
Although there is not much difference between “sudo su” and “su”, sudo su is still a very useful command for one important reason: when a user executes “su” to gain root access to a system, he will need to know the root password. The root is specified with sudo su requesting the password of the current user. This makes it possible to become root without the root password, which increases security.
sudo -i is virtually the same as the
sudo su command with one exception: it does not directly interacting with the root user.
Similar to sudo su, the -i flag allows a user to obtain a root environment without having to know the password for the root account. sudo -i is also very similar to using sudo su in that it reads all environment files (.profile, etc.) and sets the environment in the shell.
The difference from “sudo su” is that sudo -i is a much cleaner way to get root and a root environment without directly interacting with the root user. To clarify: with sudo su you are using more than one root setuid command in the background. This makes it much more difficult to find out which environment variables are kept and which ones are modified (when switching to the root environment). This is not the case with sudo -i. Because of this, most people consider it the preferred method of becoming root without directly logging in.
This command summons a shell with your $SHELL variable.
The -s switch for the sudo command reads the $SHELL variable of the current user who is executing commands. This command works as if the user were running sudo /bin /bash. Sudo -s is a “non-login” style shell. Unlike a command like sudo -i or sudo su, the system does not read environment files. When a user instructs the shell to run sudo -s, it becomes root but does not change the user or the user’s environment. Your home will not be the parent company, etc.
This command is best used when the user doesn’t want to switch to root but wants an interactive shell with their $SHELL environment value. Other commands discussed above give root access, but touch files in the root environment and allow users full root access (which can be a security issue).
Frequently Asked Questions
1. Which command should I use?
Each command has its use case. Here it is important to understand what each command does and when to use it. Sudo -i is currently the cleanest and most practical way to create a root environment. On the other hand, sudo -s users will find that they can get a root shell without being able to touch the root environment, which provides additional security benefits.
2. Can accessing root harm my system?
In some cases, yes. Unless you are absolutely sure that you need to access root for everything in a particular terminal session, it is often best to type sudo followed by a command when you want to access root for that particular command. For example, typing sudo apt install vlc on a Debian-based version of Linux will tell the operating system to root just to run the APT package manager to install VLC.
A very important caveat when running sudo -i or any other variation we discussed above, rather than typing sudo before any command you want to run as root, is that the former will not have its command history in /var/log/auth.log. If you screw it up, there’s no way you can go back and review what you did so you can correct it. You do not need to have enough memory because root sessions are not registered.
3. When I type “sudo” before a command, which variant of “sudo su” am I running?
By typing sudo to run a command (that is, entering it on the same line as the command you want to run), you are essentially running it under an interactive root shell. The standalone “sudo -s” command would do this.