How to Switch Users in a Linux Shell

By Steve McDonnell

Linux has three types of accounts: system, user and root. A user logs in to her Linux user account by typing her username and password. System processes, such as mail, also log in to Linux when they start. The root account is a special user account with unrestricted privileges to perform any operation. Provided that you know the password to another account and that the account permits user logins, you can switch users in Linux with the "su" command, commonly referred to as the "substitute user," "super user" or "switch user" command.

The su Command

To change to a different user and create a session as if the other user had logged in from a command prompt, type "su -" followed by a space and the target user's username. Type the target user's password when prompted. If you omit the hyphen, you switch to the other user's account but keep your own environment variables, so commands might behave differently from what that user would see after logging in to the system. Type "exit" and press "Enter" to log out of the account and return to the previous user session.

The Root Account

Only a few experienced and trusted users can typically log in as the root user on most Linux systems, because the root user can read, modify and delete any file or setting on the server. To prevent a hacker from logging in as "root," many Linux systems require that a root session be initiated from another user session with the "su" command. When you type "su -" without a username and press "Enter," the system assumes you want to log in as the root user and prompts you for the root user password.

Security Risks With su

The su command requires behavior that's contrary to most network security policies and procedures. For example, if you switch users in Linux with the su command, the other user must tell you his password. System administrators who switch to the root user must share a single root password among themselves. While this arrangement might not be a concern for a hobbyist network with three user accounts, it is an unacceptable security risk in many professional Linux networks, and many network security policies require that the command be disabled.

The sudo Utility

A utility named "sudo" is a popular and more secure alternative to the su command. A sudo configuration file contains a list of users who can switch to other accounts, such as the root account. When a user prefixes a command with the word "sudo," he's prompted for his own password, and the system executes only that command as the root user. With sudo, there's no risk of compromising the root password or forgetting to log out of the root account.
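
The following is an added example, not part of the original article: a small shell audit that reads a sudoers-style configuration and flags entries that are not limited to specific commands or that skip the password prompt. The function names (audit_sudoers, sample_sudoers) and the users in the sample are constructed for illustration, and the parser is deliberately simplified to one-line user entries.

```shell
#!/bin/sh
# Added example: flag broad grants in a sudoers-style file.
# Simplified parser: one-line user entries only; no aliases, includes,
# line continuations or "#uid" entries.

# Constructed sample input (users and commands are made up).
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real configuration
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admins ALL=(ALL) ALL
alice   ALL=(root) /usr/bin/systemctl restart nginx
bob     ALL=(ALL) NOPASSWD: ALL
carol   ALL=(root) NOPASSWD: /usr/bin/journalctl
EOF
}

# Reads sudoers text on stdin; prints "<user-or-%group> <finding>".
#   ANY_COMMAND  entry is not limited to specific commands
#   NOPASSWD     sudo will not ask the user for a password
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias|@include)/ { next }
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)           # drop "user host="
            sub(/^\([^)]*\)[ \t]*/, "", spec)        # drop "(runas)"
            nopass = (spec ~ /NOPASSWD:/)
            while (sub(/^[A-Z_]+:[ \t]*/, "", spec)) { }   # drop tags
            sub(/[ \t]+$/, "", spec)                 # trim trailing blanks
            if (spec == "ALL") print who, "ANY_COMMAND"
            if (nopass)        print who, "NOPASSWD"
        }
    '
}

# Demo run on the constructed sample.
sample_sudoers | audit_sudoers
```

On a real system the input would be /etc/sudoers and any files under /etc/sudoers.d, which are normally readable only by root. In the sample, alice is the only entry limited to a single command with a password prompt.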