
From time to time I see people who copy commands from online guides get elevated privileges by typing sudo su.
Now, even if it works for the intended purpose, you can probably do something better.
Under The Hood
When you run sudo su you are chaining 2 privilege escalation commands:
- sudo executes a command as another user (root by default). It checks the /etc/sudoers config file to verify that the user running the command has permission to do so, logs the sudo action, and asks for the user’s password (if configured with the defaults).
- su switches to another user (root by default). It requires the target user’s password (the root password) and starts a new shell session as that user.
With sudo su you are using sudo to run the su command with root privileges, which then starts a root privileged shell, which is redundant.
Now, if you need to run many privileged commands in a row, using sudo su might be tempting (nobody wants to type sudo for each and every command), but instead you can use sudo -i, which is much better.
The Problem with sudo su
Limited Audit Trail
sudo su (and sudo -i) share the same logging limitation: sudo only logs the invocation of the root shell, not the individual commands you run within it.
# This gets logged:
sudo -i
# These DO NOT get logged by sudo:
apt update
rm -rf /important/data
systemctl restart nginx
This is why sudo <command> is preferred when possible, as each individual command gets its own audit log entry.
If you were using sudo su and something went wrong later, you would have no idea what happened inside that root shell session. Every command executed in that su shell is invisible to sudo’s logging.
Environment Variable Chaos
su by itself doesn’t fully reset your shell environment: it changes some environment variables (HOME, USER, SHELL, LOGNAME) but preserves others from your original user (like PATH, which may still point to your current user’s PATH).
This mixed environment can cause unexpected behavior in scripts.
Environment Variable Handling:
- su: preserves the user’s environment (can cause issues)
- su -: provides a clean root login environment
- sudo su: mixed environment (depends on sudo config)
- sudo -i: clean root login environment
Using sudo -i ensures consistent, predictable environment behavior.
It’s Redundant
sudo already gives you elevated privileges securely, why complicate things and add redundancy?
Use sudo -i Instead
If you need a persistent root shell for multiple commands, use sudo -i.
The -i (or --login) option starts a login shell as root with a clean environment.
Benefits Over sudo su
- Clean Environment: You get root’s full login environment ($PATH, $HOME=/root, environment variables) as if you logged in directly as root.
- Simpler: One command instead of chaining 2 privilege escalation commands.
- Clearer Intent: More obviously requests a root login shell.
- Uses Your Password: Authenticated via sudo (your password), not root’s password.
- Respects sudo Policies: Access controlled by /etc/sudoers configuration.
What Gets Logged
sudo -i logs the invocation of the root shell, but NOT the individual commands you run within that shell:
# Logged by sudo
Nov 20 10:23:45 hostname sudo: username : TTY=pts/0 ; PWD=/home/username ; USER=root ; COMMAND=/bin/bash -i
# NOT logged by sudo: anything you type after this
For comprehensive command auditing, you can use auditd, psacct, or another centralized logging solution.
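As an added example (not part of the original post), here is a small Python script that parses sudo log lines in the format shown above and separates root-shell invocations, which are the audit blind spots, from individually logged commands. The host name, user names and log lines are constructed; the set of shell binaries is an assumption you would tune for your systems.

```python
import re
from dataclasses import dataclass

# Regex for the syslog line sudo writes on a successful invocation (failed
# authentication lines have a different shape and are deliberately skipped).
SUDO_LINE = re.compile(
    r"sudo:\s+(?P<invoker>\S+)\s+:\s+TTY=(?P<tty>\S+)\s+;\s+PWD=\S+\s+;"
    r"\s+USER=(?P<target>\S+)\s+;\s+COMMAND=(?P<command>.*)$"
)
# Binaries that hand the user an interactive shell: sudo logs only this line
# and nothing typed afterwards. su is included because "sudo su" logs as su.
SHELL_BINARIES = {"bash", "sh", "zsh", "dash", "fish", "su"}

@dataclass
class SudoEvent:
    invoker: str
    tty: str
    target: str
    command: str

    def opens_shell(self) -> bool:
        """True when this invocation is an audit blind spot (a root shell)."""
        argv = self.command.split() or [""]
        argv0 = argv[0].rsplit("/", 1)[-1]
        # "bash -c '<cmd>'" is a shell too, but the command itself is logged.
        return argv0 in SHELL_BINARIES and "-c" not in argv[1:]

def parse_sudo_events(lines):
    """Extract SudoEvent records from raw syslog/auth.log lines."""
    events = []
    for line in lines:
        m = SUDO_LINE.search(line)
        if m:
            events.append(SudoEvent(m["invoker"], m["tty"], m["target"], m["command"]))
    return events

def audit_gaps(lines):
    """Split sudo events into (root shell sessions, individually logged commands)."""
    events = parse_sudo_events(lines)
    shells = [e for e in events if e.opens_shell()]
    return shells, [e for e in events if not e.opens_shell()]

# Constructed sample lines (hypothetical host and users) in the format shown above.
SAMPLE_LOG = """\
Nov 20 10:23:45 hostname sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash -i
Nov 20 10:25:01 hostname sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/su
Nov 20 10:26:12 hostname sudo: carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt update
Nov 20 10:28:00 hostname sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash -c /usr/local/bin/backup.sh
Nov 20 10:29:00 hostname sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 5555
""".splitlines()
```

Running audit_gaps over the sample flags alice’s sudo -i and bob’s sudo su as sessions with no per-command trail, while carol’s apt run and the bash -c backup job remain fully logged.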
Best Practice Hierarchy
- Preferred: sudo <command> for individual commands
  - Each command is logged separately
  - Clear audit trail
- When Necessary: sudo -i for a persistent root shell
  - Multiple commands in a row requiring root
  - Interactive troubleshooting
  - System maintenance tasks
- Avoid: sudo su
  - Redundant privilege escalation
  - Same logging limitations as sudo -i
Why Use sudo su?
If you’re on a system where you don’t have sudo access but know the root password, then yes, su - or su -l makes sense. But if you’re reaching for sudo su, you already have sudo configured, right? Use it properly, brother.
Bottom line, stop using sudo su. Use sudo -i when you need a root shell. Better yet, use sudo with individual commands.