How To Use sudo su

In Unix-like operating systems, the su command is used to temporarily log into another user account and execute commands using its privileges. Like the sudo command, it is generally used to execute commands as the superuser (also known as the "root" user). The difference in su vs. sudo resides in the fact that the su command gives access to an interactive shell session, whereas the sudo command only allows to execute one command at a time.

In this article, we’ll explain why these two commands are often combined together in order to access a root shell, and how to run sudo commands without having to type in the user password.

Spawning a root shell with the su command

When called with no user specified, the su command will attempt to run an interactive shell as root, prompting you to enter the root password.

Since the root account is disabled by default on most Linux distributions —which means that the root password is not set, in order to prevent anyone from directly logging into it—using the su command alone will certainly result in an authentication error with a message like su: Authentication failure:

Logging in as the root user

To go around this restriction and gain access to a root shell, a user registered on the sudoers list can prepend the su command with sudo, and enter their own password instead of the root password. Note that since the default behavior of su is to connect to the root account, executing either sudo su or sudo su root will both have the same effect.

Once you’ve entered your password, you can confirm that you are logged in as the root user by using the whoami command that prints the effective user name of the current session.

From here, you can execute any command that usually requires elevated privileges without having to prefix it with sudo.

How to exit sudo su

To terminate the current shell session and come back to the user account you were previously logged in as, you can run the exit command.

Use sudo su - to run a login shell

By default, the su command will preserve the environment variables and the current working directory of the previous user.

To start the shell as a login shell with an environment similar to a real login, you can use the - option:

$ sudo su -

Which will:

• Clear all the environment variables except for TERM.
• Initializes the environment variables HOME, SHELL, USER, LOGNAME and PATH.
• Change the current directory to the user’s home directory.

Don’t confuse sudo -su with sudo su -!

Note that the sudo -su command differs from sudo su - in the sense that the su expression will be treated as option flags of the sudo command, where the -s flag is used to run a new shell, and the -u flag is used to run a command as a user different from root.

Running sudo su without a password

By default, a command run with sudo requires that the user authenticates themselves using their own password. In some cases, it may be useful to disable this mechanism. For example, when there is only one user account registered on the system, or when an automated script requires elevated privileges to perform certain tasks.

To do so, you can edit the sudoers file located at /etc/sudoers using the visudo command:

$ sudo visudo

And prepend the NOPASSWD directive separated by a single colon (:) to the last argument of the desired user privileges line:

user ALL=(ALL:ALL) NOPASSWD:ALL

Troubleshooting sudo su not working

If the sudo su command doesn’t work, the issue is usually caused by two things.

First, you need to make sure that the user account you are using is part of the sudoers list, which can be verified by displaying the content of the /etc/group file.

Second, you need to make sure that the su command is part of the allowed commands your root account can run, which can be verified by displaying the content of  the /etc/sudoers file.