By executing the su command, you can become root or switch to any other user. This tutorial explains all su usages and the differences with the sudo command.
As said previously, if you execute the su command without a user, you will become root by default, as shown in the screenshot below.
If you execute the su command followed by a user, you’ll become that user. Naturally, if you are root when you execute su, you won’t be requested to type the user’s password.
As you can see in the example above, the user changed from root to the specified user linuxhint. Yet, the current directory remains. You can implement the -l flag to change the current directory for the target user’s home directory, automatically moving you from the current directory to the user’s home.
When implementing the -l flag, not only the current directory changes. Other features of this flag are:
- Environment variables are cleared except the TERM variable for terminal handling and whitelisted variables.
- Loads environment variables USER, LOGNAME, HOME, SHELL, and PATH.
- Turns the shell into a login shell.
- Changes the current directory for the target user’s home.
Another way to reproduce the same behavior is to replace the -l flag for just a hyphen (–), as shown below.
As you can see, the user changed and also the current directory.
The su command can be used to run commands as another user. As shown in the examples below, adding the -c (Command) flag allows you to execute commands with privileges without turning into the root.
First, let’s see what happens if we try to read the content of the root directory without being root:
As you can see, the user has no permissions to read the root directory. As shown below, this can be done with the su command with the -c (Command) flag.
As you see in the syntax, you need to invoke the su command with the -c flag, followed by the commands you want to run between quotation marks and followed by the user you want to run the command as, in this case, the root user.
The runuser command:
There is an alternative for the su command named runuser. The difference between these two commands is that runuser can only be used by the root. The runuser command doesn’t request a password, and it has a different PAM (Linux Pluggable Authentication Modules) configuration.
As you may know, running browsers as root is forbidden, a bad practice; your system must prevent you from doing that.
If you are root and you want to launch an application unsafe as root, you can use both the su command, followed by the -c flag as explained previously, or the runuser command shown in the example below, followed by the -u flag, the user you want to run the command as, and the command you want to be executed.
The sudo command:
The sudo command is the most used alternative to run commands as a privileged user. It is a limited method to get privileges. When using sudo, you won’t become root, but you will get permission to execute a specific command.
When using the previously explained su command, you need to fill in the target user password. When using sudo, instead of typing the target user password, you need to type the current user password; if the user is in the sudoers group, he will be able to run the command; if the user isn’t in the sudoers group, he won’t be able.
Running a command as sudo is pretty simple; just type sudo before the command as shown below.
For a user to be able to run commands with sudo, you need to add him to the sudoers group. To add a user to the sudoers group, run the following command.
Now the user can run commands requiring privileges by typing sudo.
The su, runuser, and sudo commands are easy to implement and are among the most basic Linux commands any user must know. Learning how to use these commands will increase the security from the user side (The most vulnerable). The sudo prefix for privileged commands is the best alternative to keep your system safe. Some Linux distributions automatically disable the root login, leaving sudo as the default method.
I hope this tutorial is showing what the command su does and how to implement it was useful. Keep following this blog for more Linux tips and tutorials.