You’re staring at a terminal. It’s flickering. You need to change a system configuration file or maybe just update your packages, and you get that annoying "Permission denied" message. Your first instinct? Type two letters. SU.
It’s a reflex for most Linux users. It’s ingrained in the muscle memory of system administrators who have been at this since the 90s. But honestly, most people don't actually know what they’re doing when they fire off a su command. They just know it makes the red text go away.
Essentially, su stands for "substitute user." While everyone assumes it means "superuser," that’s technically a secondary function. It lets you become anyone else on the system without logging out. If you don't specify a name, it defaults to the root user. The king. The god mode of your operating system.
It’s powerful. It’s also incredibly dangerous.
What Is a SU Command Doing to Your System?
When you run su, you aren't just gaining permissions. You are literally spawning a new shell.
Think of it like this: you’re wearing a civilian outfit and you need to get into a high-security building. Instead of just showing a badge, you step into a phone booth, change into a full SWAT uniform, and walk in. You are no longer "you" in the eyes of the kernel. You are the root.
There's a subtle but massive difference between su and su -. Most beginners mess this up. If you just type su, you stay in your current directory, but you have root powers. Your environment variables—the stuff that tells your computer where to look for files—stay largely the same. But if you use su -, you get a "login shell." It’s a fresh start. You get root’s home directory, root’s path, and root’s logic.
Experienced admins like Theodore Ts'o or the folks over at Red Hat have long preached the importance of that little dash. Without it, you might accidentally run a script that uses your local user's settings but with root's destructive power. That is a recipe for a bricked system.
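A check for the inherited-environment problem described above, added here and not part of the original article: it flags PATH entries that have no place in a root shell, namely empty or relative entries and world-writable directories. The function name risky_path_entries is hypothetical.

```shell
#!/bin/sh
# Added example; risky_path_entries is a hypothetical helper name.

# Print one line for every entry of a PATH-style string that is unsafe in a
# root shell: empty or relative entries resolve against the current
# directory, and a world-writable directory lets any user plant a program.
risky_path_entries() {
  old_ifs=$IFS
  IFS=:
  set -f                       # no glob expansion while splitting
  for dir in $1; do
    case "$dir" in
      "") echo "empty entry (current directory)" ;;
      /*) if [ -n "$(find "$dir" -maxdepth 0 -type d -perm -002 2>/dev/null)" ]; then
            echo "world-writable: $dir"
          fi ;;
      *)  echo "relative: $dir" ;;
    esac
  done
  set +f
  IFS=$old_ifs
}

# Report on the PATH of the shell this is run from.
if [ "$(id -u)" -eq 0 ]; then
  echo "root shell, checking PATH"
fi
risky_path_entries "$PATH"
```

No output from the function means the PATH is clean by these three tests; it does not check who owns each directory.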
The sudo vs su Feud: Why the Distinction Matters
You've probably heard people say "just use sudo." They aren't just being pedantic. There is a fundamental architectural difference in how these two things handle your security.
With su, you need the root password. That means every person who needs to do something "big" on the server needs to know the most secret password on the machine. That’s a nightmare for security. If you fire an employee, you have to change the root password and tell everyone else the new one. It’s messy.
Sudo, on the other hand, stands for "superuser do." It lets you use your own password to execute a single command as root. You don't need to know the master key; the system just trusts you enough to let you do one specific thing.
The su command is like handing someone the keys to your entire house. Sudo is like standing by the door and unlocking it for them so they can grab one thing from the kitchen.
Why do we still use it?
Honestly? Legacy. And sometimes, total control.
If you’re doing a massive system migration that requires fifty different commands all requiring root access, typing sudo fifty times is a pain. You just want to live in the root shell for an hour. In that specific niche, su is king. It’s faster. It’s more direct.
The Security Nightmare Nobody Talks About
Logging. That’s the big one.
When you use sudo, the system keeps a log of exactly what you did. It says "User 'Dave' ran 'rm -rf /' at 10:05 PM." When you use su, the log just says "User changed to root." Then, everything you do after that is essentially anonymous. If something breaks, you can’t look back and see who did it. You just see that "root" was there.
In a modern enterprise environment, that’s a total non-starter. Compliance standards like PCI-DSS or SOC2 basically forbid the raw use of su because it breaks the "chain of accountability." You can't prove who did what.
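The accountability gap, shown on log lines (an added example, not from the original article): the sample lines are constructed in a typical syslog auth format, which varies by distribution and su implementation, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not taken from a real host.
sample_auth_log() {
cat <<'EOF'
Mar  3 22:05:01 web01 sudo:     dave : TTY=pts/0 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 22:06:40 web01 sudo:    alice : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 22:07:13 web01 su: (to root) dave on pts/0
Mar  3 22:07:13 web01 su: pam_unix(su:session): session opened for user root(uid=0) by dave(uid=1000)
Mar  3 22:41:55 web01 su: pam_unix(su:session): session closed for user root
EOF
}

# Read auth log lines on stdin and print one line per escalation to root:
#   <tool> <invoking user> <what the log recorded>
escalations() {
  awk '
    / sudo: / && /USER=root/ && /COMMAND=/ {
      line = $0
      sub(/^.* sudo: */, "", line)           # drop timestamp, host and tag
      user = line; sub(/ :.*/, "", user)      # text before " :" is the invoker
      cmd = line;  sub(/^.*COMMAND=/, "", cmd)
      print "sudo", user, cmd
    }
    / su: \(to root\) / {
      # su records who switched and on which terminal, nothing after that
      print "su", $8, "<session only, no commands logged>"
    }
  '
}

sample_auth_log | escalations
```

The two sudo entries each carry a user and a command; the su entry carries only the user, and the 34 minutes until the session closes are a blank.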
How to Actually Use the SU Command Safely
If you’re going to use it, do it right. Don't just sit in a root shell while you're browsing the web or writing code.
- The Dash is Non-Negotiable. Always use su -. It clears out the "junk" from your user environment that could cause conflicts.
- Check Your Prompt. Most Linux distributions change your prompt from a $ to a # when you’re root. Watch that. If you see the hash mark, be careful. You’re one typo away from deleting your boot partition.
- Exit Immediately. Once you’ve run the command you needed, type exit. Do not leave that terminal window open. If someone walks up to your desk while you’re getting coffee and you’ve got a root shell open, they own your life.
The Weird History of the Name
People argue about this in forums all the time. Is it "Substitute User" or "Super User"?
The original Unix manuals from the 70s refer to it as "substitute user ID." Because you can actually use it to become any user. If you want to see what things look like for a user named "bob," you can type su bob. You'll need Bob's password, but you'll effectively be Bob. The fact that it’s mostly used to become root is just a byproduct of how we use computers today.
Practical Next Steps for Your Linux Journey
Stop using su as your default. It’s a bad habit that’s hard to break, but your system security will thank you.
First, make sure your user is in the "wheel" or "sudo" group. This gives you the ability to use sudo instead of needing the root password. On Ubuntu or Debian, this is usually handled during installation, but on Arch or CentOS, you might have to do it manually.
Second, if you really need a root shell, use sudo -i. This gives you the same "login shell" feel of su - but it uses your own password and keeps a record of the session. It’s the "modern" way to get the job done without the 1980s security risks.
Finally, go into your /etc/ssh/sshd_config file and make sure PermitRootLogin is set to no. This blocks direct root logins over SSH, so nobody can try to get in as root from across the internet. If you need to get in, you log in as a normal human and escalate your privileges once you're inside. That one change alone stops about 90% of basic automated brute-force attacks.
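A small audit for the first and last steps above, added here and not part of the original article. The function names are hypothetical, and the parser reads only the global section of a single file (no Include files, no Match blocks).

```shell
#!/bin/sh
# Added example. Function names are hypothetical.

# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive, so a later "PermitRootLogin no" does not override an
# earlier "yes".
permit_root_login() {
  awk '
    /^[ \t]*#/ { next }                              # comment line
    tolower($1) == "match" { exit }                  # global section ends here
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "prohibit-password" }    # OpenSSH default when unset
  ' "$1"
}

# Succeed if the space-separated group list contains "sudo" or "wheel".
has_admin_group() {
  case " $1 " in
    *" sudo "*|*" wheel "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check the live system: pass "audit" as the first argument.
if [ "${1:-}" = "audit" ]; then
  value=$(permit_root_login /etc/ssh/sshd_config)
  if [ "$value" = "no" ]; then
    echo "OK   PermitRootLogin is no"
  else
    echo "FIX  PermitRootLogin is $value, set it to no"
  fi
  if has_admin_group "$(id -nG)"; then
    echo "OK   $(id -un) is in the sudo or wheel group"
  else
    echo "FIX  $(id -un) is in neither sudo nor wheel"
  fi
fi
```

On a real host, sshd -T prints the configuration the daemon actually resolves, including anything pulled in from Include files.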
Don't treat the root account like a toy. It’s a chainsaw. It’s great for cutting down trees, but you don't use it to carve a turkey. Be deliberate.