Linux System Administration Basics: Distinguishing Between Sudo, Su, and Su –
For decades, managing permissions and access rights has been at the heart of security and system administration in Linux environments. With the constant evolution of distributions and security policies, understanding the distinction between the sudo, su, and su commands is becoming essential for any professional wishing to effectively manage their systems. These commands, often perceived as privilege escalation tools, each fulfills a specific function, adapted to different contexts. In 2025, this in-depth understanding not only ensures secure and efficient administration, but also enhanced traceability of user actions. A Closer Look at the su Command: Superuser AccessA Closer Look at the su Command: Superuser Access The su command, which stands for “Substitute User” or “Switch User,” plays a key role in Linux security management. It allows a user to log in as another user, usually the superuser or root. The main strength of su lies in its ability to provide uninterrupted access to all the functionality of another user, especially one with administrative rights. However, this power comes with responsibilities, particularly in terms of permissions and security. Practice shows that the use of su must be limited and controlled, as any context switch can potentially expose the system to increased risk if mismanaged. When running the su command, the system typically prompts for the target user’s password. To switch to the root account, simply type: su And enter the administrator password. From then on, the user benefits from all the permissions associated with the superuser. The session, however, retains a certain resemblance to the initial session, unless the – option is added. The notable difference with sudo is that su does not require prior configuration in /etc/sudoers, but only the target user’s password. Aspect su
sudo
Switch to another user Run a command with the privileges of another userPassword required Target user’s passwordInitial user’s password or according to the sudoers rule Security Less secure if misused, because full access More secure, increased traceability For a deeper understanding, it is useful to know that using su can be problematic if the password is compromised, as it grants full access. The 2025 best practice recommends using Polkit to delegate specific rights and limit the use of su.
https://www.youtube.com/watch?v=qe3MG1px9BI Differentiating between su and su –: The Importance of the User EnvironmentThe distinction between su and su – is not trivial, as it directly influences the configuration of the user environment after the context switch. The su – command (with the dash) simulates a full login by loading the target user’s precise environment, including environment variables, profiles, and paths. Simply using su without the dash serves to switch users without fully loading their settings, which can lead to inconsistencies or errors if the environment is critical.
For example, after running su –, the system loads all environment variables, such as PATH, HOME, or specific configurations in .profile. On the other hand, with:
su The initial environment remains intact, which can be problematic if scripts or configurations depend on specific variables. Practice shows that for any complete context switch, the use of su - is strongly recommended to ensure regulatory compliance and security. Furthermore, this distinction is crucial for permission management in multi-user environments or when implementing corporate policies. Criterion su su -
Environment loading
Partial
Complete
Environment variables
Preserved
Reinitialized
Typical usage
User switch without reset
Full login to the target user's environment
In concrete terms, how does this impact security?
In a professional environment, especially in 2025, respecting precise environment management prevents information leaks or serious execution errors. The difference between su and su- then becomes a lever for optimizing security by strictly loading the necessary environment, thus avoiding incorrect configurations or unauthorized permissions.
https://www.youtube.com/watch?v=RkGUWKsE_Ng
Security recommendations around sudo and su: best practice in 2025 Security recommendations around sudo and su: best practice in 2025 As Linux systems continue to evolve, security remains a top priority. The recommended practice for system administrators is to limit the use of su and favor sudo, combined with strict policies in Polkit. In 2025, this approach strengthens the ability to precisely control what actions are possible and who can perform them, while maintaining reliable traceability. More concretely, the use of sudo comes with fine-grained configurations in the /etc/sudoers file, allowing you to limit access to specific commands. For example: 🔐 Limit permissions to specific scripts📝 Record all actions in the logs
🔍 Check privilege usage at all times
It is also recommended to maintain the practice of only using
su in exceptional cases, when a full work session is necessary. Mastering permission delegation with Polkit allows you to assign specific permissions to different users, strengthening overall security.
