How to use Su Command in Linux

In this tutorial we learn what is su command (switch user) in Unix/Linux and the difference between su and su - commands. Linux is a multiuser operating system kernel which means multiple users can log in to a Linux system simultaneously.

You can switch between different users on the command line itself with su command. The su command stand for 'substitute user' or can switch between users. This command changes the user credentials to those of a specified user or root (by default).

What is su command doing

The su command, as stated above will change the user's credentials to some other user's. Let's check an example

[raghu@redhat-server ~]$ su jack
Password:
[jack@redhat-server raghu]$ id
uid=501(jack) gid=501(jack) groups=501(jack),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh

The id command outputs the information about the current user. In the above output, you can see the changed user. When no arguments are given to su command, it changes to root user by default. Ubuntu man pages have explained it more information.

[jack@redhat-server raghu]$ su
Password:
[root@redhat-server raghu]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh

Simulating login with su -

With su --login or su -l or just 'su -' command, you can switch user as if it were a login from a terminal.

[raghu@redhat-server ~]$ su - jack
Password:
[jack@redhat-server ~]$ id
uid=501(jack) gid=501(jack) groups=501(jack),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh

Differenence between su vs su-

The difference between 'su' and 'su -' is that some environment variables such as PATH variable do not change values with just su (i.e. if -l option or - is ommitted). Some commands may not run if PATH is not properly set. For example consider the following scenario:

[jack@redhat-server ~]$ su root
Password:
[root@redhat-server jack]# fdisk -l
bash: fdisk: command not found
[root@redhat-server jack]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/jack/bin

You can see that sbin directories are not included in the root user's PATH. So it does not run the fdisk command. Now we try to login with su - command:

[jack@redhat-server ~]$ su -
Password:
[root@redhat-server ~]# fdisk -l

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1044 8281507+ 8e Linux LVM
[root@redhat-server ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Another difference between these two commands is the login scripts. First, let's discuss some login scripts:

When a user logs into a system, the following 4 files are executed if the user's credentials are legitimate:

/etc/profile
/etc/bashrc
~/.bashrc
~/.bash_profile

When you login with 'su -' command, all of these scripts are executed. But with su, only bashrc scripts are executed, i.e. /etc/bashrc and ~./bashrc scripts are executed.

In ubuntu you might receive authentication failure when you run su command. You receive this error because in ubuntu root account is disabled by default.

user@host:~$ su
Password:
su: Authentication failure

Instead of su use sudo -i or sudo followed by your command.

Conclusion

In this tutorial, we learned the difference between “su” and “su -” commands in Linux.  More information is available in man su. I hope you enjoyed reading and please leave your suggestions below.

Read Also:

Leave a Comment