LinuxCommandLibrary

su

Become another user, usually the superuser

TLDR

Switch to superuser (requires the root password)

$ su
copy

Switch to a given user (requires the user's password)
$ su [username]
copy

Switch to a given user and simulate a full login shell
$ su - [username]
copy

Execute a command as another user
$ su - [username] [[-c|--command]] "[command]"
copy

SYNOPSIS

su [options] [username [arguments]]

PARAMETERS

-
    Start a login shell, simulating a fresh login for the target user. This loads the user's environment variables and executes their shell initialization scripts (e.g., .bashrc, .profile).

-l, --login
    Equivalent to using '-' option; starts a login shell.

-m, --preserve-environment
    Preserve the current environment variables. By default, su cleans the environment.

-c, --command
    Execute a single command as the target user instead of starting a new shell.

-s, --shell
    Specify the shell to use for the target user. Defaults to the user's login shell.

--session-command
    Same as -c but do not create a new session

-p
    Deprecated, use -m instead

DESCRIPTION

The su (substitute user) command allows you to execute commands as a different user. By default, without specifying a username, it attempts to become the superuser (root). When a username is provided, su will prompt for the specified user's password. Upon successful authentication, you will be granted a new shell with the privileges of that user.

su is often used for administrative tasks or for testing software under different user contexts. It's crucial to understand the security implications of using su, as it grants elevated privileges. Proper authorization and security policies should be in place to prevent unauthorized access.

CAVEATS

Using su without specifying a username defaults to attempting to become root. This requires the invoker to know the root password, or have sudo privileges.

SECURITY CONSIDERATIONS

When using su, ensure you trust the target user's account and environment. Malicious or compromised accounts could potentially exploit vulnerabilities to gain further access to the system. Consider using sudo for more granular control over privileges.

ENVIRONMENT VARIABLES

By default, su cleans the environment variables before switching users. This can impact how programs behave under the new user context. Use the '-m' or '--preserve-environment' option to retain the current environment variables, but be aware that this can also introduce security risks if sensitive information is exposed to the target user.

EXIT STATUS

The su command returns the exit status of the command it executes, or a non-zero value if su itself fails.

HISTORY

The su command has been a part of Unix systems since their early days. Its primary function has always been to switch user accounts, most commonly to gain root privileges for administrative tasks. Over time, its implementation has evolved, with additions like environment preservation and shell selection to provide finer control over the user switching process. Its continued presence highlights its fundamental role in managing user permissions and system administration within Linux and Unix-like operating systems.

SEE ALSO

sudo(8), login(1), runuser(1)

Copied to clipboard