How to Temporarily Change Accounts and Privileges

The 'su' and 'sudo' Commands

The su command temporarily changes the logged-in user of a shell session. It contrasts with the sudo command, which grants the current logged-in user the rights to execute commands with elevated privileges.

Purposes of the 'su' and 'sudo' Commands

The su command changes your logged-in shell session from one user account to another. This practice is handy for troubleshooting user-permissions problems. You must have the password of the account to access it through su.

If you execute su without specifying a user account, the system assumes you intend the root account. You must know the root account for this process to work.

When you're finished with a su session, type exit to log out of the substituted account and return to the originally logged-in account.

People just love telling stories that su and sudo stand for things. As a rule of thumb, it's okay to use the mnemonic that su is a substitute user and that sudo is do as a substitute user. The su command isn't a "super user" command. The commands are the commands; if you invest too much mental space into thinking that they "stand for" something, you'll lose a bit of the flexibility that these related commands offer.

By contrast, sudo is intended to grant elevated permissions for a single command. For example, updating packages require elevated permissions; a regular user account cannot perform this function. But if that account is included as a sudoer, it can invoke sudo and then the privileged command or program.

It's a myth that sudo lets you run commands as root. By default, sudo is functionally equivalent to root, because most people don't modify the permissions and roles granted in the sudoers file. However, a competent system administrator will limit the scope of sudo to the minimally necessary programs an individual user requires in the context of that system's policies and procedures.

Different distributions handle sudo and root accounts in conflicting ways. Some distributions require that a root password instantiate upon system installation; others suppress root by default and rely on sudo for administrative purposes. Check your distribution's manpages for specific guidance about these important utilities.

Was this page helpful?