SUDO vs SU: What Really Matters

If you spend a decent amount of time talking to people in the Linux and free software community, you are bound to stumble upon the sudo vs su debate.  Some system administrators swear by sudo and argue it is the only way to truly keep your administrative account secure.  Others argue in favor of su, and tend to use the same reasoning for their arguments.  What is the difference, and does it really matter?

The difference is actually quite simple.  The “su” command in Linux allows you to login as another user from within your current user account.  Most often, sysadmins use this to login as root.  In CentOS, for example, you would type “su” and the root password when prompted.  The “sudo” command takes a different approach, only allowing access to that user account whenever you type “sudo” before the command.  For example, to install something in Ubuntu, you would type “sudo apt-get install packagename”.

Often times, operating systems that use “sudo” do not allow logging in as root at all.  Therefore, users use their own passwords for administrative tasks, rather than two passwords for “su”.  Users of sudo argue it is more secure because you will not accidentally run a damaging program as root.  Those in favor of su say it is more secure to have a separate root password that is more difficult to access.

You can, of course, choose to have both and use them however you wish, but most users will choose one or the other.  As to which one you should choose, that mostly depends on your preferences.