Frequently Asked Question

Should I use sudo or su, and what's the actual difference?

su (substitute user) opens a shell as another user, usually root, and asks you for that user's password. It is all-or-nothing: once you are in, you have the full power of the target account until you exit, with no per-command logging and no restrictions on what you can do. Sharing the root password with several admins so they can each su - is the old Unix way, and it still works, but it scales badly and leaves a poor audit trail.

sudo (superuser do) runs one command (or, with sudo -i, a shell) as another user, asks you for your own password, checks /etc/sudoers to see whether you are authorised, and logs the command. That means you never have to share root's password, you can grant fine-grained permissions ("alice may restart nginx but nothing else"), and every privileged action ends up in the system journal with a real human's name attached. On essentially every modern distribution sudo is the default, and su is reserved for recovery situations or for switching between ordinary user accounts.