The Unix command su, derived from set user, is used by a computer user to execute a command with the privileges of another user account. When executed it invokes a shell without changing the current working directory or the user environment.
When run from the command line, su asks for the target user's password, and if authenticated, grants the operator access to that account and the files and directories that account is permitted to access.
john@localhost:~$ su jane Password: jane@localhost:/home/john$ exit logout john@localhost:~$
When used with a hyphen (su -) it can be used to start a login shell. In this mode users can assume the user environment of the target user:
john@localhost:~$ su - jane Password: jane@localhost:~$
The command sudo is related, and executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).
Some Unix-like systems have a wheel group of users, and only allow these users to su to root. This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. GNU su, however, does not support a wheel group for philosophical reasons. Richard Stallman argues that because a wheel group would prevent users from utilizing root passwords leaked to them, the group would allow existing admins to ride roughshod over ordinary users.
- McIlroy, M. D. (1987). A Research Unix reader: annotated excerpts from the Programmer's Manual, 1971–1986 (PDF) (Technical report). CSTR. Bell Labs. 139.
- Levi, Bozidar (2002). UNIX Administration: A Comprehensive Sourcebook for Effective Systems and Network Management. CRC Press. p. 207. ISBN 0-8493-1351-1.
- "Why GNU su does not support the wheel group".
- su — manual pages from GNU coreutils.
- Linux User Commands Manual –
- FreeBSD General Commands Manual –
- Solaris 10 System Administration Commands Reference Manual –
- The su command — by The Linux Information Project (LINFO)
- Definition of su — dictionary.die.net
|This Unix-related article is a stub. You can help Wikipedia by expanding it.|