su
Become another user, usually the superuser
TLDR
Switch to superuser (requires the root password)
Switch to a given user (requires the user's password)
Switch to a given user and simulate a full login shell
Execute a command as another user
SYNOPSIS
su [options] [username [arguments]]
PARAMETERS
-
Start a login shell, simulating a fresh login for the target user. This loads the user's environment variables and executes their shell initialization scripts (e.g., .bashrc, .profile).
-l, --login
Equivalent to using '-' option; starts a login shell.
-m, --preserve-environment
Preserve the current environment variables. By default, su cleans the environment.
-c, --command
Execute a single command as the target user instead of starting a new shell.
-s, --shell
Specify the shell to use for the target user. Defaults to the user's login shell.
--session-command
Same as -c but do not create a new session
-p
Deprecated, use -m instead
DESCRIPTION
The su (substitute user) command allows you to execute commands as a different user. By default, without specifying a username, it attempts to become the superuser (root). When a username is provided, su will prompt for the specified user's password. Upon successful authentication, you will be granted a new shell with the privileges of that user.
su is often used for administrative tasks or for testing software under different user contexts. It's crucial to understand the security implications of using su, as it grants elevated privileges. Proper authorization and security policies should be in place to prevent unauthorized access.
CAVEATS
Using su without specifying a username defaults to attempting to become root. This requires the invoker to know the root password, or have sudo privileges.
SECURITY CONSIDERATIONS
When using su, ensure you trust the target user's account and environment. Malicious or compromised accounts could potentially exploit vulnerabilities to gain further access to the system. Consider using sudo for more granular control over privileges.
ENVIRONMENT VARIABLES
By default, su cleans the environment variables before switching users. This can impact how programs behave under the new user context. Use the '-m' or '--preserve-environment' option to retain the current environment variables, but be aware that this can also introduce security risks if sensitive information is exposed to the target user.
EXIT STATUS
The su command returns the exit status of the command it executes, or a non-zero value if su itself fails.
HISTORY
The su command has been a part of Unix systems since their early days. Its primary function has always been to switch user accounts, most commonly to gain root privileges for administrative tasks. Over time, its implementation has evolved, with additions like environment preservation and shell selection to provide finer control over the user switching process. Its continued presence highlights its fundamental role in managing user permissions and system administration within Linux and Unix-like operating systems.