Linux - su command (switch user)

> Procedural Languages > Bash Shell and (Unix|Linux) Utilities (XCU)

1 - About

The su command (switch user) is a part of the user management.

To switch to another user, use the su command. This is most commonly used to switch to the root account.

su run a shell with substitute user and group IDs

Change the effective user id and group id to that of USER.

Advertising

3 - Synopsis

su [OPTION]... [-] [USER [ARG]...]

where:

  • -, -l, –login: make the shell a login shell
  • -c, –command=COMMAND: pass a single COMMAND to the shell with -c
  • –session-command=COMMAND pass a single COMMAND to the shell with -c and do not create a new session
  • -f, –fast: pass -f to the shell (for csh or tcsh)
  • -m, –preserve-environment: do not reset environment variables
  • -p same as -m
  • -s, –shell=SHELL: run SHELL if /etc/shells allows it
  • –help display this help and exit
  • –version: output version information and exit

A mere - implies -l. If USER not given, assume root.

4 - Management

4.1 - Autorization

Advertising

4.2 - Configuration

su reads the following configurtion files:

  • /etc/default/su
  • /etc/login.defs
cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
 
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail
 
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
 
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999
 
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999
 
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local
 
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes
 
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077
 
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
 
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512

where:

5 - Example

5.1 - To switch to root account...

  • By default, su switch to root.
su -
# or sudo su -

- start a login shell

  • The login prompt shows that your are root
[root@ebs121 gerardnico]#
  • And you when exiting, you come back to your session (here as gerardnico)
[root@ebs121 gerardnico]# exit
exit
[gerardnico@ebs121 ~]$
Advertising

5.2 - To switch to the user 'gerardnico'...

[root@ebs121 /]# su gerardnico
[gerardnico@ebs121 /]$
[gerardnico@ebs121 /]$ exit
exit
[root@ebs121 /]#