root vs sudo: Why You Shouldn't Work as root

2026-06-06 Reading time: About 10 min Difficulty: Beginner

You Were Told to Add sudo, but What Is root?

When you follow a tutorial online, you keep seeing commands that start with sudo, like sudo apt update. Maybe you treat it as a magic word you add to make things work. Dig deeper and you hit warnings like "don't work as root" and "use least privilege," which only adds to the confusion.

root is the all-powerful administrator account on Linux, and sudo is a way to borrow that power for a single command. In this guide, Lina and Linny-senpai build an intuition for why you stay a normal user and reach for sudo only when needed. By the end, sudo becomes a safety device you understand, not a spell you chant.

What You'll Learn

That root (the superuser) is a special account that can do anything
Why staying logged in as root is dangerous
That sudo borrows privileges for just one command
The difference between su and sudo
The basic form sudo command
The idea behind the "principle of least privilege"

1. What Is root, Really?

Conclusion: root is the one special administrator account allowed to do everything on Linux. It bypasses all permission checks and can read, write, or delete any file on the system.

Lina: Linny-senpai, I keep seeing sudo in front of commands. But what is root in the first place?

Linny-senpai: root is the most powerful account on Linux—the one that can do anything. In English it's also called the "superuser" or "administrator."

Lina: When you say "anything"...?

Linny-senpai: Literally everything. It can edit system config files a normal user can't touch, install software system-wide, even delete other people's files. Linux's permission checks simply don't apply to root.

Lina: Wait, then it's the strongest. Why not just use root all the time and solve everything?

Linny-senpai: That's the natural thought—but it's exactly what you must not do. Let me explain why, step by step.

root = an account exempt from permission checks

Its username is root, and its user ID (UID) is 0
It can read, write, and delete everything regardless of a file's permissions (rwx)
It can perform system-wide actions (installing packages, restarting services, adding users)

It's more accurate to think "the limits are removed" than "it's strong." For permissions themselves, see A Mental Model for Permissions.

2. Why Is Working as root Dangerous?

Conclusion: Because root skips permission checks, a single typo can break the whole system. The real danger is that mistakes and malware reach "every area" instead of being contained.

Lina: It's powerful and convenient, so why shouldn't I use root every day?

Linny-senpai: Because "can do anything" also means "can break anything." As a normal user, even if you accidentally try to delete an important file, you're stopped with "Permission denied." But root has no such brake.

Lina: No brake...?

Linny-senpai: For example, if you mistype the directory to delete, root runs it with no warning. Areas that a normal user's permission walls would have protected can be wiped out entirely.

Lina: That's scary. But I'll be fine if I'm just careful, right?

Linny-senpai: Humans always make mistakes—and that's not the only risk. If a program you run as root contains malicious code, that damage runs with root's power too. The whole system gets taken over. That's why the rule is to keep your privileges low by default.

Mistakes as root can be fatal

With the permission-check safety device removed, root makes these accidents easy.

A mistyped delete command removes system files you never meant to touch
An accidentally overwritten config file leaves the machine unable to boot
A malicious script run as root rewrites the entire system

Do your everyday work as a normal user, and borrow admin rights only for the moment you need them. That's how you keep the blast radius small.

3. What Does the sudo Command Do?

Conclusion: sudo runs just one command with root's privileges. You stay a normal user and borrow power only when you need it.

Lina: So when I do need admin rights, what should I do?

Linny-senpai: That's where sudo comes in. sudo stands for "superuser do," and it asks the system to "run just this one command as the administrator."

Lina: Is "just one" the key point?

Linny-senpai: Exactly. When you type sudo apt update, only that apt update command runs with root's privileges. The moment it finishes, you're back to your normal user. You don't stay as root.

Lina: I see—borrow the power only when needed, then give it back right away.

Linny-senpai: Precisely. And there's a record (a log) of who ran what with sudo, and when. Unlike "always root," responsibility stays clear.

sudo = borrow privileges for "just one command"

Only the command prefixed with sudo runs with root privileges
You return to your normal user immediately afterward (you don't stay as root)
The first time, it asks for your own password (not root's password)
It logs who ran what and when

Not "administrator forever," but "administrator for the single moment you need it." That's the heart of staying safe.

4. How Are su and sudo Different?

Conclusion: su switches you into root and stays there; sudo borrows privileges for one command and returns them immediately. For everyday use, sudo is the safe choice.

Lina: I also saw a similar command, su. How is it different from sudo?

Linny-senpai: Good question. su (switch user) switches users, and with no argument it switches you to root. Once you switch, you stay as root until you exit.

Lina: Staying as root the whole time... that's the dangerous part you mentioned.

Linny-senpai: Right. After su makes you root, every command you type runs with root privileges. The no-brake state continues. With sudo, it's per command, so you spend only a moment in the dangerous state.

Lina: That's why sudo is recommended.

Linny-senpai: Exactly. Modern systems like Ubuntu disable direct root login by default. Handling daily admin tasks with sudo is the modern convention.

Item	`su`	`sudo`
What it does	Switch to root and stay there	Borrow privileges for one command
Scope of power	root until you `exit`	Only while that command runs
Password asked	root's password	your own (the running user's)
Logging	Hard to track	Records who did what
Everyday use	Discouraged	Recommended

sudo su exists too, but start with sudo command

There's also sudo su or sudo -i to "enter a root shell via sudo." It's used when you need to run several admin tasks in a row, but it carries the same risk as su because you sit in a root shell. While you're a beginner, it's safer to get used to the basic form: add sudo to each command.

5. How Do You Use sudo? (The Basic Form)

Conclusion: Just put sudo in front of the command that needs admin rights. The basic form is sudo <command>, and it asks for your own password the first time.

Lina: Show me how to actually use it.

Linny-senpai: It's easy. Just put sudo in front of a command that needs admin rights. For example, to refresh the package list, you type this.

Lina: So you just add it to the start of the command.

Linny-senpai: Right. It asks for your password once at first (nothing shows on screen, but your typing is registered). Once you pass, it won't ask again for a while as you keep working.

sudo apt update

[sudo] password for lina:
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
...

You can check who you are right now with whoami.

whoami

lina

Only inside the sudo-prefixed command do you act as root; once it ends, you're back to lina.

Check what you're allowed to do with sudo -l

Which users may use sudo, and which commands they can run, is managed in a config file called /etc/sudoers. To list the sudo actions allowed to you, run this.

sudo -l

Knowing "what I can run with admin rights" makes it faster to diagnose a Permission denied dead end.

6. What Is the Principle of Least Privilege?

Conclusion: The idea of holding only the minimum privileges needed for the task. Stay a normal user day to day and borrow admin rights only for the moment you need them, reducing both accidents and damage.

Lina: If you sum up everything so far in one phrase, what is it?

Linny-senpai: The "principle of least privilege." It means you hold no more privileges than you strictly need.

Lina: Like staying weak by default and getting strong only when needed?

Linny-senpai: Exactly. If you're always at maximum power (root), then the damage from mistakes and viruses is at maximum too. But if you stay a normal user, the damage stops within your reach. And you borrow root with sudo only for the one moment you need it.

Lina: So that's why "don't work as root" and "use sudo" are said together.

Linny-senpai: Right. This isn't just a Linux thing—it's a universal rule in security. Remembering it will serve you for a long time.

Least privilege becomes a habit

Log in as a normal user day to day (don't live as root)
Add sudo only to commands that need admin rights
Before adding sudo, pause and ask "does this command truly need admin rights?"
Don't copy-paste and run a sudo command you don't understand

Make "give strong privileges back quickly" a habit, and you'll prevent most accidents.

7. How Do You Try It Hands-On?

Conclusion: Check who you are with whoami, then actually type commands with and without sudo to see how access changes. That's the fastest way to understand.

Lina: I think I get it in my head, but it doesn't feel real yet...

Linny-senpai: The best way is to type and check. Confirm who you are with whoami, then try a privileged action with and without sudo—you'll feel "ah, this is where admin rights are needed."

Lina: I'm a bit scared to try admin commands on my own machine.

Linny-senpai: Then use a playground you can try safely in the browser. You can feel out whoami and the sense of privileges without worrying about breaking anything.

whoami
id

lina
uid=1000(lina) gid=1000(lina) groups=1000(lina),27(sudo)

If the id output includes a sudo group, that user can use sudo. If uid is anything other than 0 (like uid=1000), you're a normal user right now, not root.

Type whoami and id in the Penguin Gym Linux terminal and confirm "who am I right now." Once you grasp the sense of privileges, deciding whether to add sudo becomes second nature.

Summary

root is the do-anything administrator account exempt from permission checks
Living as root lets mistakes and malware reach the entire system
sudo borrows privileges for one command and returns them immediately (with a log of responsibility)
su keeps you as root; sudo is per command—use sudo for everyday work
The basic form is sudo <command>; check what you're allowed with sudo -l
Underneath it all is the principle of least privilege: be a normal user by default, an administrator only for the moment you need it