In this tutorial we learn what is su command (switch user) in Unix/Linux and the difference between su and su - commands. Linux is a multiuser operating system kernel which means multiple users can log in to a Linux system simultaneously.
You can switch between different users on the command line itself with su command. The su command stand for 'substitute user' or can switch between users. This command changes the user credentials to those of a specified user or root (by default).
What is su command doing
The su command, as stated above will change the user's credentials to some other user's. Let's check an example
[raghu@redhat-server ~]$ su jack Password: [jack@redhat-server raghu]$ id uid=501(jack) gid=501(jack) groups=501(jack),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh
The id command outputs the information about the current user. In the above output, you can see the changed user. When no arguments are given to su command, it changes to root user by default. Ubuntu man pages have explained it more information.
[jack@redhat-server raghu]$ su Password: [root@redhat-server raghu]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh
Simulating login with su -
With su --login or su -l or just 'su -' command, you can switch user as if it were a login from a terminal.
[raghu@redhat-server ~]$ su - jack Password: [jack@redhat-server ~]$ id uid=501(jack) gid=501(jack) groups=501(jack),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh
Differenence between su vs su-
The difference between 'su' and 'su -' is that some environment variables such as PATH variable do not change values with just su (i.e. if -l option or - is ommitted). Some commands may not run if PATH is not properly set. For example consider the following scenario:
[jack@redhat-server ~]$ su root Password: [root@redhat-server jack]# fdisk -l bash: fdisk: command not found [root@redhat-server jack]# echo $PATH /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/jack/bin
You can see that sbin directories are not included in the root user's PATH. So it does not run the fdisk command. Now we try to login with su - command:
[jack@redhat-server ~]$ su - Password: [root@redhat-server ~]# fdisk -l Disk /dev/sda: 8589 MB, 8589934592 bytes 255 heads, 63 sectors/track, 1044 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sda1 * 1 13 104391 83 Linux /dev/sda2 14 1044 8281507+ 8e Linux LVM [root@redhat-server ~]# echo $PATH /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Another difference between these two commands is the login scripts. First, let's discuss some login scripts:
When a user logs into a system, the following 4 files are executed if the user's credentials are legitimate:
/etc/profile /etc/bashrc ~/.bashrc ~/.bash_profile
When you login with 'su -' command, all of these scripts are executed. But with su, only bashrc scripts are executed, i.e. /etc/bashrc and ~./bashrc scripts are executed.
In ubuntu you might receive authentication failure when you run su command. You receive this error because in ubuntu root account is disabled by default.
su: Authentication failure
Instead of su use
sudo -i or
sudo followed by your command.
In this tutorial, we learned the difference between “su” and “su -” commands in Linux. More information is available in man su. I hope you enjoyed reading and please leave your suggestions below.