Linux - su command (switch user)



The su command (switch user) is part of user management.

To switch to another user, use the su command. This is most commonly used to switch to the root account.


su runs a shell with substitute user and group IDs.

Change the effective user id and group id to that of USER.


su [OPTION]... [-] [USER [ARG]...]


  • -, -l, --login: make the shell a login shell
  • -c, --command=COMMAND: pass a single COMMAND to the shell with -c
  • --session-command=COMMAND: pass a single COMMAND to the shell with -c and do not create a new session
  • -f, --fast: pass -f to the shell (for csh or tcsh)
  • -m, --preserve-environment: do not reset environment variables
  • -p: same as -m
  • -s, --shell=SHELL: run SHELL if /etc/shells allows it
  • --help: display this help and exit
  • --version: output version information and exit

A mere - implies -l. If USER not given, assume root.




sudo su -


su reads the following configuration files:

  • /etc/default/su
  • /etc/login.defs
cat /etc/login.defs
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.

#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.

# Min/max values for automatic uid selection in useradd
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

# Min/max values for automatic gid selection in groupadd
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#USERDEL_CMD    /usr/sbin/userdel_local

# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077

# This enables userdel to remove user groups if no members exist.

# Use SHA512 to encrypt password.
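
An added example (not from the original page): a POSIX shell audit of the PATH-related keys that the util-linux su(1) man page lists as read from these files (ENV_PATH, ENV_ROOTPATH, ENV_SUPATH). The key names come from that man page rather than from this page; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the PATH keys su reads from a login.defs-style file.

# Print the first uncommented value of KEY in FILE ("KEY <whitespace> VALUE").
logindefs_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                             # comment line
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if every ':'-separated component is an absolute directory.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
path_all_absolute() (
    case ":$1:" in *::*) exit 1 ;; esac                 # empty component = current dir
    set -f; IFS=:
    for d in $1; do
        case "$d" in /*) ;; *) exit 1 ;; esac           # "." or "bin" is relative
    done
    exit 0
)

# One line per key: "unset", "ok", or "UNSAFE: <value>".
su_audit() {
    for k in ENV_PATH ENV_ROOTPATH ENV_SUPATH; do
        v=$(logindefs_get "$1" "$k")
        v=${v#PATH=}                                    # shadow-style files write PATH=...
        if [ -z "$v" ]; then echo "$k unset"
        elif path_all_absolute "$v"; then echo "$k ok"
        else echo "$k UNSAFE: $v"
        fi
    done
}

# Constructed sample, not taken from a real system.
make_sample() {
    cat > "$1" <<'EOF'
UMASK           077
#FAIL_DELAY     3
ENV_PATH        /usr/local/bin:/usr/bin:/bin
ENV_SUPATH      /usr/local/sbin:/usr/sbin:/sbin:.
EOF
}

sample=$(mktemp)
make_sample "$sample"
su_audit "$sample"
rm -f "$sample"
```

A relative or empty component in the PATH that su sets for root means a binary in the current directory can shadow a system command, which is why the trailing "." in the sample is reported.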



To switch to root account…

  • By default, su switches to root.
su -
# or sudo su -

- starts a login shell

  • The login prompt shows that you are root
[root@ebs121 gerardnico]#
  • And when exiting, you come back to your session (here as gerardnico)
[root@ebs121 gerardnico]# exit
[gerardnico@ebs121 ~]$

To switch to the user 'gerardnico'…

[root@ebs121 /]# su gerardnico
[gerardnico@ebs121 /]$
[gerardnico@ebs121 /]$ exit
[root@ebs121 /]#
