You also have sudo -s, which is similar to su.

Some distros set up sudo by default, and some don’t. I started out on Red Hat, back in the 1990s, and I don’t believe that they set up sudo by default; the norm there, at least at the time, was to su. Ubuntu, as I recall, installs sudo and I believe configures it to grant sudo access to the user account who did the installation. There, the convention is to kinda sudo. I can’t recall whether the default is passwordless, though.

I don’t think that using either is a horrendously bad practice. I tend to set up sudo in password-requiring mode and use sudo these days, but I wouldn’t blink an eye at using su either.

I think that the most-significant security concern with su is that you can leave a root shell lying around if you walk away from your computer, and while sudo may reduce the frequency with which that happens – if one is prone to walking away from their computer and leaving it unlocked in the first place – you can do that with sudo -s as well, which I certainly use, so…shrugs Plus, if you have sudo set up with passwordless root access, any shell is functionally a root shell anyway. And, frankly, if someone has physical access to a system, most people don’t bother to lock down their system against setting init=/bin/sh on the kernel command line in GRUB, passwording their BIOS and restricting it from booting from alternate boot media, etc, so…

I am not a sysadmin, jus user since 2000. I think if you ever need to do something with sudo it will be as dangerous as using su.