su (Unix)

The su command, also referred to as super user[1] substitute user, spoof user, set user or switch user, allows a computer operator to change the current user account associated with the running virtual console.

By default, and without any other command line argument, this will elevate the current user to the superuser of the local system.

Contents

Usage

When run from the command line, su asks for the target user's password, and if authenticated, grants the operator access to that account and the files and directories that account is permitted to access.

john@localhost:~$ su
Password: 
root@localhost:/home/john# exit
logout
john@localhost:~$

Additionally, one can switch to another user who is not the superuser; e.g. su jane.

john@localhost:~$ su jane
Password:
jane@localhost:/home/john$ exit
logout
john@localhost:~$

It should generally be used with a hyphen by administrators (su -, which is identical to su - root), which can be used to start a login shell. This way users can assume the user environment of the target user:

john@localhost:~$ su - jane
Password:
jane@localhost:~$

A related command called sudo executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).

Some Unix-like systems have a wheel group of users, and only allow these users to su to root.[2] This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. GNU su, however, does not support a wheel group; this was done for philosophical reasons.[3]

See also

References

  1. ^ Unix Source Code. http://www.bsdlover.cn/study/UnixTree/V5/usr/source/s2/su.c.html. 
  2. ^ Levi, Bozidar (2002). UNIX Administration: A Comprehensive Sourcebook for Effective Systems and Network Management. CRC Press. pp. 207. ISBN 0849313511. 
  3. ^ "Why GNU su does not support the wheel group". http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html#index-wheel-group_002c-not-supported-2315. 

External links

File system
cat · cd · chmod · chown · chgrp · cksum · cmp · cp · dd · du · df · file · fsck · fuser · ln · ls · lsattr · lsof · mkdir · mount · mv · pax · pwd · rm · rmdir · size · split · tee · touch · type · umask
Processes
at · bg · chroot · cron · kill · killall · nice · pgrep · pidof · pkill · ps · pstree · time · top
User environment
clear · env · exit · finger · history · id · logname · mesg · passwd · su · sudo · uptime · talk · tput · uname · w · wall · who · whoami · write
Text processing
awk · banner · basename · comm · csplit · cut · dirname · ed · ex · fmt · head · iconv · join · less · more · paste · sed · sort · spell · strings · tail · tr · uniq · vi · wc · xargs
Shell builtins
alias · echo · expr · printf · sleep · test · true and false · unset · wait · yes
Networking
dig · inetd · host · ifconfig · netstat · nslookup · ping · rdate · rlogin · netcat · ssh · traceroute
Searching
find · grep · locate · whatis · whereis · which
Documentation
apropos · help · info · man
Miscellaneous
bc · dc · cal · date · lp · lpr