Difference between sudo -s and sudo su -

Question

It might be a duplicate and I'm pretty sure I already saw an answer to this somewhere, but I wondered what are the differences in terms of rights and variables and other stuff between sudo -s and sudo su -.

As far as I'm concerned, they both open a root shell, where I can do whatever I want, but I wondered if I could experience some differences one day.

Also this question on askUbuntu does not address my concerns.

See also su vs sudo -s vs sudo bash which covers sudo -i and sudo -s. — Gilles 'SO- stop being evil', Jul 22 '14 at 23:17

score 6 · Accepted Answer · edited Apr 13 '17 at 12:22

6

sudo -s

Reads the $SHELL variable and executes the content. If $SHELL contains /bin/bash it invokes sudo /bin/bash. So, /bin/bash is started as non-login shell so all the dot-files are not executed, but bash itself reads .bashrc of the calling user. Your environment stays the same. Your home will not be root's home. So you are root, but in the environment of the calling user.

sudo su -

su - is invoked by sudo. Unlike sudo su (withput the dash), the shell is called as a login shell, so /etc/profile, .profile and .bashrc are executed and you will find yourself in root's home directory with root's environment.

Sources:

edited Apr 13 '17 at 12:22

Community

1

answered Jul 22 '14 at 09:06

chaos

48,171

I was sure they were some differences – Kiwy Jul 22 '14 at 09:36
The later (su - <acct> also ensures that you parse the accounts environment files. – sleepyweasel Jan 24 '17 at 18:50

score 1 · Answer 2 · answered Aug 31 '21 at 14:28

In my opinion any use of 'su' after 'sudo' is an overkill.
You are using su without changing the effective user ID, which is the primary purpose of su, because that was already done by sudo. You are using the default behavior of su to execute the shell after changing user ID as the primary purpose, which you can better and more explicitly achieve by directly executing the shell from sudo. You are banking on the su behavior to not ask for a password again if the calling user is already root (else you would need to type a password twice; once for sudo and once for su). You can execute the shell as a login shell by passing -l option or setting argv[0] with a '-' prefix. BUT... sudo by default does not change the value of $HOME to match the target user (unless 'set_home' or 'always_set_home' is in /etc/sudoers); use the -H option to override -- $HOME determines whose profile scripts are applied for -l. And sudo nor bash change the current directory (unless some command in bash_profile does that).

So 'sudo -H bash -l' is almost like 'sudo su -' without the overkill, except that the current directory is not changed.

And 'sudo -s' is like 'sudo su' without the overkill.

Difference between sudo -s and sudo su -

2 Answers2

Linked