Quantum Ink

Writing about the future as it unfolds.

Illustration showing sudo, sudo -i, and sudo su commands in a Linux terminal, explaining secure privilege escalation.

sudo, sudo -i, sudo su, and sudo su – Explained — What to Use and Why It Matters

, ,

On Linux systems, gaining root access is a routine task for administrators. However, the method you use to become root has important implications for security, predictability, and auditability.

Commands like sudo, sudo -i, sudo su, and sudo su - may appear similar, but they behave very differently behind the scenes. Choosing the wrong one — especially on production servers — can lead to subtle bugs, security risks, and poor audit trails.

This Article Explains

  • What each command variation actually does
  • How they are similar or different
  • Which approach is preferred today
  • The risks associated with each method
  • How these choices affect audit logs
  • Best practices for production servers

Why Root Access Needs Care

Root access bypasses almost all system-level safeguards. A single incorrect command can:

  • Overwrite critical system files
  • Stop essential services
  • Break package management
  • Cause outages that are difficult to trace

For this reason, Linux provides multiple ways to escalate privileges, each with different trade-offs around safety, traceability, and operational clarity.

sudo command — The Safest Default

sudo systemctl restart nginx

This runs a single command as root and then immediately returns you to your normal user.

Characteristics

  • Executes only one command with elevated privileges
  • Uses a controlled environment
  • Fully logged and auditable
  • Minimal risk of accidental damage

When to Use It

  • Restarting services
  • Installing or updating packages
  • Editing a single configuration file

For most administrative tasks, this is the preferred and safest approach.

sudo -i — Simulated Root Login Shell

sudo -i

This opens a full root login shell, similar to logging in directly as the root user.

What It Does

  • Switches to the root user
  • Starts a login shell
  • Sets HOME=/root
  • Loads root’s shell configuration files
  • Uses root’s PATH and environment

Why It’s Recommended

  • Clean and predictable environment
  • No user PATH or variables leaking in
  • Ideal for longer administrative sessions

Typical Usage

sudo -i
dnf update
vi /etc/php.ini
systemctl restart php-fpm
systemctl restart nginx
exit

On modern Linux systems, sudo -i is the recommended way to open a root shell.

sudo su – — Legacy Root Login Shell

sudo su -

This command uses sudo to run su, then starts a root login shell.

Why It Still Appears

  • Common in older documentation
  • Familiar to administrators from legacy systems

Drawbacks

  • Two tools doing one job
  • Less clean than sudo -i
  • Discouraged in modern security guidelines

It works, but sudo -i is preferred.

sudo su — Root Shell Without a Login Environment (Risky)

sudo su

This is the most problematic variation.

What Happens

  • You become root
  • Your original user environment is partially preserved

This can include:

  • User PATH entries
  • Environment variables
  • Shell behaviour and aliases

Why sudo su Is Risky

1. Mixed environments

Root commands may accidentally use user binaries or user configuration files, leading to inconsistent and hard-to-debug behaviour.

2. PATH-related risks

If a user PATH contains unexpected binaries, root may execute the wrong command.

/usr/bin/systemctl

May not be what actually runs.

3. Audit and compliance issues

Logs often show only that su was executed. Commands run inside the shell lose individual attribution.

Audit Logging: Why This Matters

With sudo command

  • Each privileged action is logged
  • Clear user attribution
  • Strong audit trail

With sudo -i

  • Entry into a root session is logged
  • Activity is associated with that session

With sudo su

  • Logs often stop at su
  • Reduced visibility into what actually happened

RHEL and Rocky Linux Examples

Single command (preferred)

sudo dnf update
sudo systemctl restart php-fpm
sudo systemctl restart nginx

Admin session (recommended)

sudo -i
dnf update
vi /etc/php.ini
systemctl restart php-fpm
exit

Legacy method

sudo su -

Avoid

sudo su

Ubuntu and Debian-Based Examples

Single command

sudo apt update
sudo apt upgrade
sudo systemctl restart php8.3-fpm
sudo systemctl restart apache2

Admin session

sudo -i
apt update && apt upgrade
nano /etc/php/8.3/fpm/php.ini
exit

Ubuntu strongly encourages sudo-based workflows and discourages direct root usage.

Quick Cheat Sheet

  • sudo — One command, fully audited, preferred
  • sudo -i — Clean root session, preferred for admin work
  • sudo su – — Legacy, works but outdated
  • sudo su — Mixed environment, poor auditing, avoid

Why Some Companies Ban sudo su

  • Audit and compliance requirements
  • Environment leakage risks
  • Least-privilege security models
  • Incident response clarity

Best Practices for Production Servers

  • Use sudo for single administrative tasks
  • Use sudo -i for planned admin sessions
  • Exit root shells immediately when finished
  • Avoid sudo su on production systems
  • Disable direct root login where possible

Final Takeaway

Use sudo for commands, sudo -i for sessions — and avoid sudo su.

Smart reads for curious minds

We don’t spam! Read more in our privacy policy