Su

From Linux 101, The beginner's guide to all things Linux.

Jump to: navigation, search

The su program, frequently referred to as the "set user" or "superuser" command, allows one user to temporarily become another user. The default and most frequently used application of this command is to run a shell as the root user, allowing one to issue a number of priveledged commands without a full root login.

Contents

[edit] Why use su?

It is considered a security risk to run extraneous programs as root. Many tasks, such as editing configuration files or installing software, will need to be run as root. However, it is often unwise and unnecessary to log in as the root user. In particular, UNIX users often frown on logging into a graphical workspace as root. It is certainly a bad habit to develop.

The problem, then, is to create a single, temporary shell from which to issue commands as the root user, and the solution is su.

Su is also capable of switching to any other user on the system, and can be used to invoke single commands rather than open a shell.

[edit] What it does

  1. su first attempts to authenticate you as the user. Under some (non-GNU) versions of su, you must be a member of the wheel group (see Users and Groups) to do this. You must supply the user's password (e.g. your root password, under the default use).
  2. su starts a new subprocess -- a shell whose User ID is different from its parent process (e.g. root). If a command is provided to su, it instead starts a process to run that program with the different User ID.
  3. As usual, when the shell or other program terminates, its parent process (the invoking shell) regains control.

[edit] Invoking su

A typical su invocation is:

su [-] [-c command] [user [arguments]]

The "-" is a frequent option given to su. Its synonyms are "-l" and "-login". By default, su does not change your working directory, but does set the HOME and SHELL environment variables and possibly USER (if you're not switching to root). The "--login" option makes the created shell a login shell, which unsets all environment variables except TERM, HOME, SHELL and USER. It also directs the created shell to read in its login startup file(s). The current working directory is also set. It is often good practice to use "-" when using su to open a root shell.

The -c flag allows you to specify a command to be run rather than just a shell.

The optional username provided is name of the user you want to "switch" to. Any arguments after this are passed to the created shell.

Note that if you exectue su when you are the root user, you do not have to enter the password of the user you are switching to. It is not recommended that you log in as root and switch to a normal user to accomplish your work. Rather, the reverse is generally agreed to be wiser.

For more information, man su.

[edit] Exiting a su environment

The job of su ends when the subprocess (e.g. the shell) it created terminates. As with any other shell, you typically exit with the commands

logout

or

exit

Many shells also terminate on end of file, so the end-of-file code, Control-D, will do this for you.

[edit] See Also

Retrieved from "http://learn.clemsonlinux.org/wiki/Su"
Personal tools