'sudo su -' vs 'sudo -i' vs 'sudo /bin/bash' - when does it matter which is used, or does it matter at all?
Solution 1
To explain this you need to know what the programs do:
- su - The command su is used to switch to another user (switch user), but you can also switch to the root user by invoking the command with no parameter. su asks you for the password of the user to switch, after typing the password you switched to the user's environment.
- sudo - sudo is meant to run a single command with root privileges. But unlike su it prompts you for the password of the current user. This user must be in the sudoers file (or a group that is in the sudoers file). By default, Ubuntu "remembers" your password for 15 minutes, so that you don't have to type your password every time.
- bash - A text-interface to interact with the computer. It's important to understand the difference between login, non-login, interactive and non-interactive shells:
Types of shells:
- login shell: A login shell logs you into the system as a specified user, necessary for this is a username and password. When you hit ctrl+alt+F1 to login into a virtual terminal you get after successful login a login shell.
- non-login shell: A shell that is executed without logging in, necessary for this is a currently logged-in user. When you open a graphic terminal in gnome it is a non-login shell.
- interactive shell: A shell (login or non-login) where you can interactively type or interrupt commands. For example a gnome terminal.
- non-interactive shell: A (sub)shell that is probably run from an automated process. You will see neither input nor output.
So the cases are:
sudo su
Calls sudo with the command su. Bash is called as interactive non-login shell. So bash only executes .bashrc. You can see that after switching to root you are still in the same directory:
user@host:~$ sudo su
root@host:/home/user#
sudo su -
This time it is a login shell, so /etc/profile, .profile and .bashrc are executed and you will find yourself in root's home directory with root's environment.
sudo -i
It is nearly the same as sudo su -. The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile, .bashrc or .login will be read and executed by the shell.
sudo /bin/bash
This means that you call sudo with the command /bin/bash. /bin/bash is started as non-login shell so all the dot-files are not executed, but bash itself reads .bashrc of the calling user. Your environment stays the same. Your home will not be root's home. So you are root, but in the environment of the calling user.
sudo -s
Reads the $SHELL variable and executes the content. If $SHELL contains /bin/bash it invokes sudo /bin/bash (see above).
Check:
To check if you are in a login shell or not (works only in bash because shopt is a builtin command):
shopt -q login_shell && echo 'Login shell' || echo 'No login shell'
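An added example, not part of the answer above: it traces which startup files bash runs for a login shell (what sudo su - and sudo -i start) versus a non-login shell, using a throwaway HOME so no sudo is needed. The function name trace_startup, the trace file and both dotfiles are constructed for this example.

```shell
#!/bin/sh
# Added example: record which dotfiles bash sources at startup.
# The dotfiles are constructed stand-ins that only append their own
# name to $HOME/trace; nothing outside the temporary HOME is touched.

# trace_startup MODE CHAIN
#   MODE  login | nonlogin  (bash --login -c  vs  plain bash -c)
#   CHAIN yes | no          (does .profile source .bashrc, as the
#                            Debian/Ubuntu skeleton .profile does?)
# Prints the names of the dotfiles that ran, in order.
trace_startup() {
    mode=$1 chain=$2
    home=$(mktemp -d) || return 1
    echo 'echo profile >> "$HOME/trace"' > "$home/.profile"
    echo 'echo bashrc >> "$HOME/trace"' > "$home/.bashrc"
    if [ "$chain" = yes ]; then
        echo '. "$HOME/.bashrc"' >> "$home/.profile"
    fi
    : > "$home/trace"
    # env -i starts from an empty environment so nothing leaks in.
    case $mode in
        login)    env -i HOME="$home" PATH="$PATH" bash --login -c : ;;
        nonlogin) env -i HOME="$home" PATH="$PATH" bash -c : ;;
    esac >/dev/null 2>&1 </dev/null
    ran=$(tr '\n' ' ' < "$home/trace")
    rm -rf "$home"
    echo "${ran% }"
}

# An interactive non-login shell would additionally read ~/.bashrc;
# that case needs a terminal and is not exercised here.
echo "login, .profile sources .bashrc : $(trace_startup login yes)"
echo "login, .profile alone           : $(trace_startup login no)"
echo "non-login, non-interactive      : $(trace_startup nonlogin yes)"
```

In a login shell .bashrc runs only when .profile sources it, which is one way to get the behaviour reported in the comments for /root/.bashrc.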
Solution 2
To look for differences you may check the resulting environment among different invocations.
You could find some "small" differences in some critical variables: PATH, LD_LIBRARY_PATH, LD_PRELOAD or some difference in ~/. dotfiles handling (~/.config).
Consider also the ownership of $HOME based logfiles (~/.xsession.errors, etc ...) or xauth cookies (~/.Xauthority) that commands generate.
Try these commands:
# 'su -' vs 'su'
diff <(sudo su - -c env | sort) <(sudo su -c env | sort)
# 'su -' vs 'sudo -i'
diff <(sudo su - -c env | sort) <(sudo -i env | sort)
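The comparison suggested above, narrowed to the variables this answer names, as an added example (not the answerer's code): it reads two saved env dumps, reports which of those variables differ, and flags values a root shell should not carry over from the caller. The function names, the caller home /home/user and both dumps are constructed for illustration.

```shell
# Added example: audit saved `env` dumps (e.g. `sudo -i env > login.env`).
# The two dumps written below are constructed samples, not captured output.

# get_var FILE NAME -> value of NAME in an env dump (empty if unset)
get_var() {
    awk -v n="$2" 'index($0, n "=") == 1 { print substr($0, length(n) + 2); exit }' "$1"
}

# env_drift A B -> names of watched variables whose values differ
env_drift() {
    out=
    for v in HOME PATH LD_LIBRARY_PATH LD_PRELOAD; do
        [ "$(get_var "$1" "$v")" = "$(get_var "$2" "$v")" ] || out="$out $v"
    done
    echo "${out# }"
}

# risky_vars FILE CALLER_HOME -> variables a root shell should not carry:
# HOME or PATH entries under the caller's home, empty or relative PATH
# entries, and any LD_LIBRARY_PATH / LD_PRELOAD at all.
risky_vars() {
    out=
    case $(get_var "$1" HOME) in "$2"|"$2"/*) out="$out HOME" ;; esac
    case ":$(get_var "$1" PATH):" in
        *::*|*:[!/]*|*:"$2"/*) out="$out PATH" ;;
    esac
    for v in LD_LIBRARY_PATH LD_PRELOAD; do
        [ -z "$(get_var "$1" "$v")" ] || out="$out $v"
    done
    echo "${out# }"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/login.env" <<'EOF'
HOME=/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
USER=root
EOF
cat > "$tmp/kept.env" <<'EOF'
HOME=/home/user
LD_PRELOAD=/home/user/lib/hook.so
PATH=/home/user/bin:/usr/bin:/bin
USER=root
EOF

echo "differs:         $(env_drift "$tmp/login.env" "$tmp/kept.env")"
echo "login.env flags: $(risky_vars "$tmp/login.env" /home/user)"
echo "kept.env flags:  $(risky_vars "$tmp/kept.env" /home/user)"
```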
Paul
Updated on September 18, 2022
Comments
-
Paul over 1 year
When I'm doing something that requires root be typed in dozens of times in a row, I prefer to switch my session to a root session. In the various tutorials and instructions I have used on the Internet, I see sudo su, sudo su -, sudo -i and sudo /bin/bash being used to open a root session, but I'm not clear on the difference between these and when or if that difference matters. Can someone clear this up for me?
-
Radu Rădeanu over 10 years
You forgot to ask about sudo -s and sudo su.
-
Paul over 10 years
@RaduRădeanu When I typed the question in I reviewed the suggested questions and none of those really addressed my complete question. The same is true for the questions you linked to. Though they do contain a lot of new information for me, and thank you for linking to them, I found them not as complete as the answer user chaos below provides, which is much more in line with what I was looking for.
-
Radu Rădeanu over 10 years
Just a clarification: sudo allows a permitted user to execute a command as the superuser or another user. Anyway, +1 for your effort.
-
Paul over 10 years
@chaos Thank you for this excellent answer! It mostly answers my questions, so I went ahead and marked the question answered, but I'm not understanding when it is desirable to run a particular shell. I really only use Ubuntu through command line and I find my most common use for opening a root user session (vs. using sudo) is when I'm doing something that requires heavy usage of root privileges, such as when installing something new or performing a major reconfiguration. I've been using sudo /bin/bash, but apparently that method has a bad rap for some reason I don't understand.
-
oblivian about 10 years
Also, it is more "correct" to say that su stands for switch user, rather than super user. I.e. run a php script: su www-data /usr/share/script.php or just su www-data for interactive shell. But su without any user name will assume the root (super user) account.
-
oblivian about 10 years
Chaos - "shopt -q login_shell && echo 'Login shell' || echo 'No login shell'" These kinds of suggestions I see often, but why make it so long? The && operator means if exit code 0 then "do next command" and the double pipes (||) means else (if not 0) then do this command. So what it is basically saying if exit code 0 then echo "Login Shell", if exit code 1 (fail) then echo "No login". Why not just "shopt -q login_shell ; echo $?" $? means the result/exit code of the preceding command. In most if not all programs 0 means success, 1 or more means fail. So if the echo is 0 = success...
-
chaos about 10 years
@oblivian You are right, but this shopt-part is clearly without explaining that 0 (true) means a login shell and 1 (fail) no login shell. - I edited the su-part.
-
Paul about 10 years
@chaos Is there any possibility of your addressing the second part of my question, which is when is it appropriate to use any of the various options, or at least which one is best for the scenario I describe of saving the hassle of typing sudo 100 times in a row?
-
chaos about 10 years
@Paul why the removed accept after 4 months?
-
Paul about 10 years
@chaos The answer to your question lies not only directly in my comments above, but indirectly in your failure to acknowledge those comments in any manner.
-
Marco Sulla over 9 years
@Paul: sudo -i is suggested. Read here: ubuntuforums.org/showthread.php?t=1817402 and here: unix.stackexchange.com/questions/98531/…
-
Ade Malsasa Akbar over 9 years
It clearly explains what sudo -s meaning is.
-
Paul over 8 years
@LucasMalor The question you linked to has been marked as a duplicate of su vs sudo -s vs sudo bash, which I provided a link to in case the question you link to is removed completely.
-
SiMing almost 5 years
I tested sudo su -, but seems it didn't execute /root/.bashrc, but /etc/profile.d/* were executed. This is different from what you are saying in the answer.
-
not2qubit about 4 years
Interesting answer.