Su (Unix)
Encyclopedia
The su command, also referred to as super user substitute user, spoof user, set user or switch user, allows a computer operator to change the current user account associated with the running virtual console
.
By default, and without any other command line argument, this will elevate
the current user to the superuser
of the local system.
Additionally, one can switch to another user who is not the superuser; e.g. su jane.
It should generally be used with a hyphen
by administrator
s (su -, which is identical to su - root), which can be used to start a login shell. This way users can assume the user environment of the target user:
A related command called sudo
executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).
Some Unix-like systems have a wheel group of users, and only allow these users to su to root. This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. GNU
su, however, does not support a wheel group; this was done for philosophical reasons.
Virtual console
A virtual console – also known as a virtual terminal – is a conceptual combination of the keyboard and display for a computer user interface. It is a feature of some operating systems such as UnixWare, Linux, and BSD, in which the system console of the computer can be used to switch between...
.
By default, and without any other command line argument, this will elevate
Privilege escalation
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user...
the current user to the superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
of the local system.
Usage
When run from the command line, su asks for the target user's password, and if authenticated, grants the operator access to that account and the files and directories that account is permitted to access.Additionally, one can switch to another user who is not the superuser; e.g. su jane.
It should generally be used with a hyphen
Hyphen
The hyphen is a punctuation mark used to join words and to separate syllables of a single word. The use of hyphens is called hyphenation. The hyphen should not be confused with dashes , which are longer and have different uses, or with the minus sign which is also longer...
by administrator
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
s (su -, which is identical to su - root), which can be used to start a login shell. This way users can assume the user environment of the target user:
A related command called sudo
Sudo
sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user...
executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).
Some Unix-like systems have a wheel group of users, and only allow these users to su to root. This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. GNU
GNU
GNU is a Unix-like computer operating system developed by the GNU project, ultimately aiming to be a "complete Unix-compatible software system"...
su, however, does not support a wheel group; this was done for philosophical reasons.
See also
- Unix securityUnix securityUnix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.- Permissions :...
- List of Unix programs
- Comparison of privilege authorization featuresComparison of privilege authorization featuresA number of computer operating systems employ security features to help prevent malicious software from gaining sufficient privileges to compromise the computer system...
External links
- su — manual pages from GNUGNUGNU is a Unix-like computer operating system developed by the GNU project, ultimately aiming to be a "complete Unix-compatible software system"...
coreutils. - The su command — by The Linux Information Project (LINFO)
- Definition of su — dictionary.die.net