Home > Package & System Management > su

su: Switch User

The `su` command, short for 'substitute user' or 'switch user', is used to change the current user ID to another user's ID. It is commonly used to gain administrator privileges (root) or to perform tasks within another user's environment. It requires password authentication to gain privileges and is a critical command for security.

Overview

`su` is used to execute commands with another user's privileges or to switch to that user's shell environment within the current session. By default, if no target user is specified, it attempts to switch to the root user.

Key Features

  • User ID Switching: Changes the current user's privileges to those of another user.
  • Default Target: If no username is specified, it defaults to attempting to switch to the root user.
  • Password Authentication: Requires the correct password of the target user to switch privileges.
  • Environment Switching: The `-` or `-l` options can be used to fully switch to the target user's login shell environment.

Key Options

The `su` command offers various options to control the user switching method and the commands to be executed.

User Switching Options

Command Execution Options

Generated command:

Try combining the commands.

Description:

`su` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

Learn how to switch users and execute specific commands using various examples of the `su` command.

Switch to Root User (Not Login Shell)

su

Switches to the root user by default, but does not load root's login shell environment. Some of the current user's environment variables may be retained.

Switch to Root User with Login Shell

su -

Switches to the root user and fully loads root's login shell environment (PATH, home directory, etc.). This is the most common and recommended method.

Switch to a Specific User with Login Shell

su -l username

Switches to the specified 'username' user and loads that user's login shell environment.

Execute a Specific Command as Root and Return

su -c "ls -la /root"

Executes the `ls -la /root` command with root privileges and automatically returns to the original user. The shell environment remains unchanged.

Execute a Specific Command as Another User and Return

su username -c "whoami"

Executes the `whoami` command with the privileges of the 'username' user and then returns to the original user.

Tips & Precautions

The `su` command directly impacts system security, so it's important to consider a few key points when using it.

Security and Recommendations

  • Risk of Root Password Exposure: `su` directly prompts for the root password. If this password is leaked, the entire system can be compromised. `sudo` uses the user's own password and can grant privileges only for specific commands, allowing for more granular control. Generally, using `sudo` is more recommended.
  • Recommended to Use Login Shell: It is advisable to use `su -` (with the hyphen) to fully load the target user's login shell environment. This ensures that PATH and environment variables are correctly set, preventing unexpected issues and providing the same effect as working in the target user's environment.
  • Avoid Unnecessary Root Usage: Once the necessary task is completed, it is safer from a security perspective to immediately return to the original user by typing `exit`. Working with root privileges for extended periods can pose risks to the system.
  • Check Logs: `su` usage is logged in system logs (e.g., `/var/log/auth.log` or `/var/log/secure`). It is good practice to periodically check these logs for security audits.

Same category commands

ansible

ansible: Remote Server Management and Automation

apropos

apropos: Search Manual Pages

apt

APT (Advanced Package Tool) Command Guide

at

at Command Guide: Scheduling One-Time Tasks

crontab

Complete Guide to the crontab Command: How to Schedule Repetitive Tasks