Intro To 'su' Command In Linux

2023-11-08 - By Robert Elder

I use the 'su' command to access the command prompt as a another user. If I run the 'whoami' command as the default user:

whoami

I'll see this:

robert

But if it run the 'su' command first, and then enter the root user's password:

su

I'll see this:

whoami

root

Origin Of 'su' Command

The 'su' command is one the oldest commands for gaining elevated privileges:

It dates back to the very first version of Unix from 1971:

Becoming Another User Using 'su'

Here, I have a script in the file 'launch-rocket-ship.sh' that launches a rocket ship to mars:

#!/bin/bash
echo -en "Launching rocket ship to Mars."
for i in {1..10}; do
        sleep 0.1
        echo -en "."
done
echo ""
echo "The rocket ship launched"
echo "successfully and did not explode!"

If I check the current permissions and ownership of this file, I'll see the following:

ls -l launch-rocket-ship.sh

-rwxrw-r-- 1 elon elon 200 Oct 14 15:38 launch-rocket-ship.sh

If I try to run this script as the 'robert' user, it doesn't work, because I don't have permission:

whoami

robert

./launch-rocket-ship.sh

-bash: ./launch-rocket-ship.sh: Permission denied

I can use the 'su' command to become the 'elon' user:

su elon

Now, the script runs successfully, and I can launch the rocket ship to Mars:

whoami

elon

./launch-rocket-ship.sh

Launching rocket ship to Mars...........
The rocket ship launched
successfully and did not explode!

The 'su' Command Versus 'sudo'

These days, the 'sudo' command is generally preferred over the 'su' command for a number of security related reasons. In particular, the 'sudo' command allows for more limited and temporary user access:

man sudo

     sudo supports a plugin architecture for security policies and
     input/output logging.  Third parties can develop and distribute
     their own policy and I/O logging plugins to work seamlessly
     with the sudo front end.  The default security policy is
     sudoers, which is configured via the file /etc/sudoers, or via
     LDAP.  See the Plugins section for more information.
...
     timed out reading password
           The user did not enter a password before the password
           timeout (5 minutes by default) expired.
...

Another difference between the 'su' and 'sudo' commands, is that 'sudo' expects the password of the current and likely less privilege user, whereas the 'su' command expects the password of the other likely high privilege user.

#  Expects password of *current* user:
sudo -u elon

#  Expects password of the 'elon' user:
su elon

And that's why the 'su' command is my favourite Linux command.

Intro To 'stty' Command In Linux Published 2023-10-04	$1.00 CAD Terminal Block Mining Simulation Game	Intro To 'nproc' Command In Linux Published 2023-07-15	Intro To 'comm' Command In Linux Published 2023-09-06
How To Force The 'true' Command To Return 'false' Published 2023-07-09	A Surprisingly Common Mistake Involving Wildcards & The Find Command Published 2020-01-21	A Guide to Recording 660FPS Video On A $6 Raspberry Pi Camera Published 2019-08-01	Intro To 'chroot' Command In Linux Published 2023-06-23

Why Bother Subscribing?

Free Software/Engineering Content. I publish all of my educational content publicly for free so everybody can make use of it. Why bother signing up for a paid 'course', when you can just sign up for this email list?
Read about cool new products that I'm building. How do I make money? Glad you asked! You'll get some emails with examples of things that I sell. You might even get some business ideas of your own :)
People actually like this email list. I know that sounds crazy, because who actually subscribes to email lists these days, right? Well, some do, and if you end up not liking it, I give you permission to unsubscribe and mark it as spam.