The su command allows the current user to assume the identity of another user on a Linux system. It stands for "switch user" or "substitute user", not "superuser" (although it defaults to prompting for the root password if invoked without any arguments). The su command is very useful in Unix.
$ su [user]
When an ordinary user invokes the su command they will be prompted for the password of the user whose account they are attempting to utilise. Once a correct password is entered, the shell prompt will return and the user will now be operating with the permissions and access privileges of the target account. If the command su - is used (with a single dash as the argument) the user will also inherit the environment of the target user (as if they had logged in using the target user's ID and password).
It is often suggested that as a precaution when using su to execute commands as the root user, that the command be invoked in the form:
$ su -c command [user]
When executed in this form, if authentication is successful, su will return immediately after executing command as the other user, without launching a shell as the target user. If the target user is root, this method of execution will avoid problems caused by accidentally leaving a root shell open on the system.
In most shells command must be contained within quotation marks if it contains special characters or spaces.
As an example, an unprivileged user might execute the following command to edit the LILO configuration file:
$ su -c "vi /etc/lilo.conf"
The sudo command is similar but only allows for the running of a single command as root, and allows control over which users are allowed access to what commands.
Most (all?) Linux distributions incorporate this from the [util-linux] project.
These all relate to running commands in an altered context.
- chroot - Confine the program to "jail".
- env - Change variables.
- nice - Change priority.
- nohup - Protect from hangups (modem) or network outages.
- stdbuf - Change buffering of standard I/O filestreams.
- timeout - Limit the time.
- gdb - Run under control of a debugger
- script - Capture all program output
- valgrind - Validate program behavior
- strace - Create a log of system calls.