Su

From LQWiki
Jump to navigation Jump to search

The su command allows the current user to assume the identity of another user on a Linux system. It stands for "switch user" or "substitute user", not "superuser" (although it defaults to prompting for the root password if invoked without any arguments). The su command is very useful in Unix.

Usage

$ su [user]

When an ordinary user invokes the su command they will be prompted for the password of the user whose account they are attempting to utilise. Once a correct password is entered, the shell prompt will return and the user will now be operating with the permissions and access privileges of the target account. If the command su - is used (with a single dash as the argument) the user will also inherit the environment of the target user (as if they had logged in using the target user's ID and password).

If you invoke the su command as root, in order to assume the identity of another user, you will will not be asked for that user's password. This means that anyone who knows the root password can in practice assume the identity of any user.

It is often suggested that as a precaution when using su to execute commands as the root user, that the command be invoked in the form:

$ su -c command [user]

When executed in this form, if authentication is successful, su will return immediately after executing command as the other user, without launching a shell as the target user. If the target user is root, this method of execution will avoid problems caused by accidentally leaving a root shell open on the system.

In most shells command must be contained within quotation marks if it contains special characters or spaces.

As an example, an unprivileged user might execute the following command to edit the LILO configuration file:

$ su -c "vi /etc/lilo.conf"

The sudo command is similar but only allows for the running of a single command as root, and allows control over which users are allowed access to what commands.

Provided by

Most (all?) Linux distributions incorporate this from the GNU Coreutils: and use its man page


Provided by

Most (all?) Linux distributions incorporate this from the [util-linux] project.

Related Commands

These all relate to running commands in an altered context.

  • chroot - Confine the program to "jail".
  • env - Change variables.
  • gdb - Run under control of a debugger
  • nice - Change priority.
  • nohup - Protect from hangups (modem) or network outages.
  • runuser - Used by root to run a command as an ordinary user
  • script - Capture all program output
  • stdbuf - Change buffering of standard I/O filestreams.
  • strace - Create a log of system calls.
  • timeout - Limit the time.
  • valgrind - Validate program behavior


See also

This article is a stub and needs to be finished. Plunge forward and help it grow!