Switch users by su command
With the su command, you can temporarily become another user.
Strictly speaking, you do not become the other user: su starts a new shell as that user.
If you temporarily need administrator privileges, or want to work in a specific account's environment, you can use the su command to run commands as the specified account.
Last Update : December 31, 2018
Contents
- Switch to another user
- Switch to root user
- The difference between su - and su (difference in presence or absence of "-")
- Execute command with privileges of other user account
Usage of su command
su [-lmp] [-c command] [-s shell] [--login] [--fast] [--preserve-environment] [--command=command] [--shell=shell] [-] [--help] [--version] [user [arg...]]
| Option | Description |
|---|---|
| -c COMMAND | Execute COMMAND (one line) |
| -, -l, --login | Delete all environment variables of the current shell, invoke the shell as the specified user, and set the current directory as the user's home directory. |
| -m, -p, --preserve-environment | Execute shell without changing environment variables 'HOME', 'USER', 'LOGNAME', 'SHELL' |
| -s, --shell shell | Start with specified shell |
| --version | Display version information |
Specific usage is shown below.
2. Switch to another user
Switch from user1 to test_user.
    [user1@localhost ~]$ id
    uid=500(user1) gid=500(user1) groups=500(user1)
    [user1@localhost ~]$ su - test_user    ← Switch to test_user
    Password:    ← Enter password for test_user
    [test_user@localhost user1]$ id
    uid=501(test_user) gid=501(test_user) groups=501(test_user)
The shell that su starts is taken from the user's password entry (the shell field in /etc/passwd), so you cannot switch to a user whose shell does not allow login, such as /sbin/nologin. If no shell is written in the entry, /bin/sh is executed.
3. Switch to root user
If you do not specify a user name after the su command, su switches to the root user.
    [user1@localhost ~]$ id
    uid=500(user1) gid=500(user1) groups=500(user1)
    [user1@localhost ~]$ su -    ← Do not specify user.
    Password:
    [root@localhost user1]# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),・・・
4. The difference between su - and su (difference in presence or absence of "-")
The behavior differs depending on whether the "-" option is given.
With "-", all environment variables of the current shell are discarded and the shell is started as the specified user. The current directory is then changed to that user's home directory.
The result is like logging in fresh as the new user.
Without "-", the current environment variables are inherited (except for USER, HOME, LOGNAME).
    [user1@localhost ~]$ export TESTENV=foobaa    ← Create an environment variable called "TESTENV"
    [user1@localhost ~]$ env | grep TESTENV
    TESTENV=foobaa
    [user1@localhost ~]$ su test_user    ← Execute the su command without "-"
    Password:
    [test_user@localhost user1]$ env | grep TESTENV
    TESTENV=foobaa    ← Environment variables are inherited.
    [test_user@localhost user1]$ exit
    [user1@localhost ~]$ su - test_user    ← Execute the su command with "-"
    Password:
    [test_user@localhost ~]$ env | grep TESTENV
    ↑ Since environment variables are not inherited, there is no environment variable "TESTENV".
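The inheritance shown above matters most when the target is root, because the calling user's PATH and similar variables still steer the new shell. The following is an added example, not part of the original page: a POSIX shell function that reads `env` output and lists what a plain su would pass on, using the rule stated above that only USER, HOME and LOGNAME are replaced. The watch list, the function names and the sample input are assumptions made for the illustration.

```shell
# Added example: reads "env"-style NAME=value lines on stdin and prints
# one finding per line for what a plain "su" (no "-") would pass on.

RESET_BY_SU="USER HOME LOGNAME"   # not inherited, per the text above
# Assumed watch list: variables that change how a shell finds or loads code.
WATCH="LD_PRELOAD LD_LIBRARY_PATH BASH_ENV ENV IFS"

check_path() {   # $1 = PATH value, $2 = caller's home directory
    rest=$1:     # trailing ":" so the last (possibly empty) entry is seen
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            "$2"|"$2"/*) echo "path-in-caller-home:$dir" ;;
            /*) ;;   # absolute entry outside the caller's home
            *) echo "path-relative:${dir:-<empty>}" ;;   # lookup depends on cwd
        esac
    done
}

audit_su_env() {   # $1 = home directory of the user who runs su
    home=${1:?caller home directory required}
    while IFS= read -r line; do
        case $line in
            *=*) name=${line%%=*}; value=${line#*=} ;;
            *) continue ;;   # continuation of a multi-line value
        esac
        case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
        case " $RESET_BY_SU " in *" $name "*) continue ;; esac
        echo "inherited:$name"
        case " $WATCH " in *" $name "*) echo "watch:$name" ;; esac
        if [ "$name" = PATH ]; then check_path "$value" "$home"; fi
    done
}

sample_env() {   # constructed sample, not captured from a real session
    cat <<'EOF'
USER=user1
HOME=/home/user1
LOGNAME=user1
PATH=/home/user1/bin:/usr/bin:.:
TESTENV=foobaa
NOTE=first line
second line of NOTE
LD_LIBRARY_PATH=/opt/lib
EOF
}

sample_env | audit_su_env /home/user1
```

Run `env | audit_su_env "$HOME"` before a plain su to see what would carry over. Some systems reset further variables through their su configuration, which this example does not model.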
5. Execute command with privileges of other user account
You can execute a command as the specified user.
su -c 'command' [User account name to execute the command]
    [user1@localhost ~]$ su -c 'touch /tmp/test.txt' -    ← Execute command as root user
    Password:
    [user1@localhost ~]$ ls -l /tmp/test.txt
    -rw-r--r-- 1 root root 0 Oct 27 03:57 /tmp/test.txt    ← A file was created as root.