Top Menu

Thursday, October 4, 2012

Understand Linux Su Command Function with Example


In this article I am demonstrating, what is difference between su and su – commands and how it works. Linux is a multiuser Operating System. Multiple users can login to a Linux system simultaneously. You can switch between different users on the command line itself with su command. The su command can switch between users. This command changes the user credentials to those of a specified user or root (by default).

The su command

The su command, as stated above will change the user’s credentials to some other usesr’s. The following command describes the basic usage of su command:

[suman@myblogtst01 ~]$ su sourav
Password:
[sourav@myblogtst01 suman]$ id
uid=501(sourav) gid=501(sourav) groups=501(sourav),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh

The id command outputs the information about the current user. In above output, you can see the changed user. When no arguments are given to su command, it changes to root user by default.

[sourav@myblogtst01 suman]$ su
Password:
[root@myblogtst01 suman]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh

Simulating login with su -


With su –login or su -l or just su – command, you can switch user as if it were a login from a terminal.

[suman@myblogtst01 ~]$ su – sourav
Password:
[sourav@myblogtst01 ~]$ id
uid=501(sourav) gid=501(sourav) groups=501(sourav),504(javaproject) context=root:system_r:unconfined_t:SystemLow-SystemHigh

su vs su-

The difference between su and su – is that some environment variables such as PATH variable do not change values with just su (i.e. if -l option or – is omitted). Some commands may not run if PATH is not properly set. For example consider the following scenario:

[sourav@myblogtst01 ~]$ su root
Password:
[root@myblogtst01 sourav]# fdisk -l
bash: fdisk: command not found
[root@myblogtst01 sourav]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/sourav/bin

You can see that sbin directories are not included in the root user’s PATH. So it does not run the fdisk command. Now we try to login with su – command:

[sourav@myblogtst01 ~]$ su -
Password:
[root@myblogtst01 ~]# fdisk -l
Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1044 8281507+ 8e Linux LVM
[root@myblogtst01 ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Another difference between these two commands is of the login scripts. First let’s discuss some login scripts:
When a user logs into a system, following 4 files are executed if the user’s credentials are legitimate:

/etc/profile
/etc/bashrc
~/.bashrc
~/.bash_profile

When you login with su – command, all of these scripts are executed. But with su, only bashrc scripts are executed, i.e. /etc/bashrc and ~./bashrc scripts are executed.