Is there ever a good reason to run sudo su?

To launch a root shell on machines where the root account is disabled, you can run one of:

  • sudo -i : run an interactive login shell (reads /root/.bashrc and /root/.profile)
  • sudo -s : run a non-login interactive shell (reads /root/.bashrc)

In the Ubuntu world, I very often see sudo su suggested as a way to get a root shell. Why run two separate commands when one will do? As far as I can tell, sudo -i is equivalent to sudo su - and sudo -s is the same as sudo su.

The only differences seem to be (comparing sudo -i on the left and sudo su - on the right):

[Screenshot: meld comparing 'sudo -i' and 'sudo su -']

And comparing sudo -s (left) and sudo su (right):

[Screenshot: meld comparing 'sudo -s' and 'sudo su']

The main differences (ignoring the SUDO_foo variables and LS_COLORS) seem to be the XDG_foo system variables in the sudo su versions.

Are there any cases where that difference warrants using the rather inelegant sudo su? Can I safely tell people (as I often have) that there’s never any point in running sudo su or am I missing something?

Asked By: terdon
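
The comparison described in the question can be reproduced without meld. The following is an added example, not part of the original post; the function names and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two `env` dumps the way the question does,
# ignoring the SUDO_* variables and LS_COLORS.
# On a real host the inputs would come from, for example:
#   sudo -i env > sudo_i.env ; sudo su - -c env > sudo_su.env

# env_delta LEFT RIGHT
# Prints "< VAR=value" for lines only in LEFT, "> VAR=value" for lines only
# in RIGHT. Line-based: values containing newlines are not handled.
env_delta() {
    _left=$(mktemp) || return 1
    _right=$(mktemp) || return 1
    grep -Ev '^(SUDO_[A-Z_]+|LS_COLORS)=' "$1" | LC_ALL=C sort > "$_left"
    grep -Ev '^(SUDO_[A-Z_]+|LS_COLORS)=' "$2" | LC_ALL=C sort > "$_right"
    LC_ALL=C comm -23 "$_left" "$_right" | sed 's/^/< /'
    LC_ALL=C comm -13 "$_left" "$_right" | sed 's/^/> /'
    rm -f "$_left" "$_right"
}

# Constructed sample dumps (not captured from a real system).
sample_sudo_i() {
    printf '%s\n' HOME=/root LOGNAME=root USER=root SHELL=/bin/bash \
        'LS_COLORS=rs=0:di=01;34' SUDO_USER=alice SUDO_UID=1000 \
        SUDO_GID=1000 SUDO_COMMAND=/bin/bash TERM=xterm
}
sample_sudo_su() {
    printf '%s\n' HOME=/root LOGNAME=root USER=root SHELL=/bin/bash \
        'LS_COLORS=rs=0:di=01;34' TERM=xterm \
        XDG_SESSION_ID=3 XDG_RUNTIME_DIR=/run/user/0
}

# Run the comparison over the two constructed dumps.
demo() {
    _a=$(mktemp) || return 1
    _b=$(mktemp) || return 1
    sample_sudo_i > "$_a"
    sample_sudo_su > "$_b"
    env_delta "$_a" "$_b"
    rm -f "$_a" "$_b"
}

demo
```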


As you stated in your question, the main difference is the environment.

sudo su - vs. sudo -i

In the case of sudo su -, it is a login shell, so /etc/profile, .profile and .bashrc are executed and you will find yourself in root’s home directory with root’s environment.

sudo -i is nearly the same as sudo su -. The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile, .bashrc or .login will be read and executed by the shell.

sudo su vs. sudo -s

sudo su calls sudo with the command su. Bash is called as an interactive non-login shell. So bash only executes .bashrc. You can see that after switching to root you are still in the same directory:

user@host:~$ sudo su

sudo -s reads the $SHELL variable and executes the content. If $SHELL contains /bin/bash it invokes sudo /bin/bash, which means that /bin/bash is started as a non-login shell, so all the dot-files are not executed, but bash itself reads .bashrc of the calling user. Your environment stays the same. Your home will not be root’s home. So you are root, but in the environment of the calling user.


The -i flag was added to sudo in 2004, to provide a similar function to sudo su -, so sudo su - was the template for sudo -i and meant to work like it. I think it doesn’t really matter which you use, unless the environment isn’t important.


A basic point that must be mentioned here is that sudo was designed to run only one single command with higher privileges and then drop those privileges to the original ones. It was never meant to really switch the user and leave open a root shell. Over time, sudo was expanded with such mechanisms, because people were annoyed at having to use sudo in front of every command.

So the meaning of sudo was abused. sudo was meant to encourage the user to minimize the use of root privileges.

What we have now is that sudo is becoming more and more popular. It is integrated in nearly every well-known Linux distribution. The original tool to switch to another user account is su. For an old-school *nix veteran, such a thing as sudo might seem needless. It adds complexity and behaves more like the mechanisms we know from Microsoft's OS family, and thus is contrary to the philosophy of simplicity of *nix systems.

I’m not really a veteran, but also in my opinion sudo was always a thorn in my side, from the time it was introduced, and I always worked around the usage of sudo, if it was possible. I am most reluctant to use sudo. On all my systems, the root account is enabled. But things change; maybe the time will come when su will be deprecated and sudo replaces su completely.

Therefore I think it will be best to use sudo’s internal mechanisms (-s, -i) instead of relying on an old tool such as su.

Answered By: chaos

To answer your question directly: no, there is no good reason to do this. Also, sudo su produces two log entries when one would suffice.

I’ve seen many people do this, and when I ask why they don’t just run sudo -s, the answer is just that they don’t know about the -s flag to sudo, and generally they switch after I point it out.

However, to your list of sudo -s and sudo -i, I’d like to add one more option, sudo -sE, which is kind of a replacement for su -m. sudo -sE preserves your environment including home directory. This has risks if your home directory is insecure (on NFS). But in an environment where many people use root, it saves you from having to agree on the contents of the root .bashrc file. My .bashrc contains many specializations for root, so I don’t get exactly the same environment as root, but at least I get exactly the environment I want.

Answered By: user3188445
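
To see who on a host still goes through su, the sudo log can be tallied per user. This is an added example, not part of the original answer; the function names and log lines are constructed, and it assumes sudo's usual syslog line layout (`user : TTY=... ; PWD=... ; USER=... ; COMMAND=...`), with the shell itself logged as COMMAND for sudo -s and sudo -i.

```shell
#!/bin/sh
# Added example: tally how each user obtains a root shell, from sudo's
# syslog entries. "sudo-su" means su was launched through sudo (the case
# that also leaves a second entry from su); "sudo-shell" means sudo started
# the shell directly, as sudo -s and sudo -i do.

# root_shell_audit [FILE...]   (reads stdin when no file is given)
# Prints "user kind count", sorted. Any su run through sudo with USER=root
# is counted, whatever arguments su was given.
root_shell_audit() {
    awk '
    / sudo(\[[0-9]+\])?: / && /USER=root / && /COMMAND=/ {
        user = $0
        sub(/^.* sudo(\[[0-9]+\])?: +/, "", user)   # drop timestamp, host, tag
        sub(/ :.*/, "", user)                       # keep the invoking user
        cmd = $0
        sub(/^.*COMMAND=/, "", cmd)
        split(cmd, argv, " ")
        n = split(argv[1], path, "/")
        prog = path[n]                              # basename of the command
        if (prog == "su") kind = "sudo-su"
        else if (prog ~ /^(ba|da|z|k)?sh$/) kind = "sudo-shell"
        else next                                   # ordinary one-off command
        count[user " " kind]++
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# Constructed log lines (not taken from a real system). Each sudo su
# invocation is followed by the extra entry written by su itself.
sample_log() {
    cat <<'EOF'
Mar  3 09:14:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/su -
Mar  3 09:14:02 host su: (to root) alice on pts/0
Mar  3 09:20:41 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:31:10 host sudo:    alice : TTY=pts/0 ; PWD=/srv ; USER=root ; COMMAND=/usr/bin/su
Mar  3 09:31:10 host su: (to root) alice on pts/0
Mar  3 09:40:05 host sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

sample_log | root_shell_audit
```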