REW

Which Command Will Create A New Shell Logged In As The Root User?

Published Aug 29, 2025 4 min read
On this page

The command su - creates a new shell logged in as the root user. Other methods, such as sudo -i and sudo su -, use the sudo privilege escalation mechanism to achieve the same result. The appropriate command depends on the system's setup and the user's authentication context.

Detailed explanation of root shell commands

In Linux and other Unix-like operating systems, the root user is a special administrative account with complete system control. It is often necessary to obtain a shell with root privileges for system administration tasks. Several commands accomplish this, each with a different approach to privilege management and session handling.

1. The su command

The su command, short for "substitute user" or "switch user," is the traditional method for switching to another user account.

  • Command:su
    • By default, running su without a username attempts to switch to the root user.
    • Authentication: This method requires entering the root user's password.
    • Environment: A basic su command does not load the root user's environment. The new shell inherits most of the environment variables from the original user, which can sometimes cause problems.
  • Command:su -
    • Adding the hyphen (-) or --login flag tells su to start a full login shell for the target user.
    • Behavior: This changes the directory to the root user's home directory (/root), loads the root's environment variables (e.g., PATH, HOME, SHELL), and provides a clean root session. This is the recommended way to use su when performing administrative work.
    • Authentication: The root user's password must be provided.

2. The sudo command

The sudo command ("superuser do") is the modern, more controlled alternative to su. It allows a user with the proper permissions to execute a command as another user (by default, root), authenticated with their own password.

  • Command:sudo -i
    • The -i flag (short for --login) runs an interactive login shell as the root user.
    • Authentication: The user must enter their own password, not the root password.
    • Behavior: This command simulates a new login session for the root user, moving to the /root home directory and loading the root environment. It provides a full, clean root shell, similar to su -.
    • Security: This is generally the most secure and recommended method for obtaining a root shell on modern Linux distributions. It uses the sudoers file for access control and logs all activities, enhancing accountability.
  • Command:sudo -s
    • The -s flag (short for --shell) runs an interactive shell as the root user but without creating a login session.
    • Authentication: Requires the user's own password, as configured in the sudoers file.
    • Behavior: The shell maintains the user's current directory and environment variables, similar to a simple su command. This can be convenient for running a quick series of privileged commands without changing the working environment.
  • Command:sudo su -
    • This command combines sudo with the behavior of su -.
    • Behavior: The sudo command executes su - with root privileges. Because su is run by root, it no longer requires a password. The su - then creates a full login shell for the root user.
    • Authentication: This method only requires the user's own password to run the initial sudo command. The result is identical to sudo -i.

Comparison of root shell commands

Command Authentication Environment Use Case
su root password Inherits user's For quick, non-disruptive changes, but less secure.
su - root password Loads root's When a full, standard root session is needed and the root password is known.
sudo -i Your own password Loads root's The recommended, most secure way for a permitted user to get a full root shell.
sudo -s Your own password Inherits user's For running a sequence of root commands without changing the working environment.
sudo su - Your own password Loads root's Functionally identical to sudo -i, but less direct.

Best practices and security considerations

  • Minimize root access: Avoid running as root longer than necessary. After completing administrative tasks, use the exit command or Ctrl-D to return to the normal user account.
  • Use sudo instead of su: Most modern Linux distributions disable the root account's password for security reasons. Using sudo allows for better accountability, as a log is kept of which users performed which privileged actions.
  • Manage permissions carefully: Access to sudo is controlled by the /etc/sudoers file. Administrators can use the visudo command to safely edit this file and define which users or groups can run specific commands with elevated privileges.
  • Use the right tool for the job:
    • For a single administrative command, simply use sudo <command>.
    • For a full root shell, use sudo -i.
    • For a sequence of commands without changing the environment, use sudo -s.
Enjoyed this article? Share it with a friend.