home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

UNIX Power Tools

UNIX Power ToolsSearch this book
Previous: 22.21 How to Change File Ownership Without chown Chapter 22
File Security, Ownership, and Sharing
Next: 23. Removing Files

22.22 The su Command Isn't Just for the Superuser

System administrators use the su command to become the superuser ( 1.24 ) . But you can use it for lots more:

  • Become another user temporarily, without logging off your account.

  • Become another user without tying up another terminal port.

  • Switch between multiple users any time (on systems with job control).

  • Do a "quick login" to another user's account, especially when the system is busy.

When you type:





UNIX starts a subshell ( 38.4 ) that runs as the user whoever . After you use the cd command to go to the user's home directory, you can run commands as if you'd logged into that account (more or less... see below).

22.22.1 Ending or Suspending

End the subshell and go back to the account where you typed su with the exit ( 38.4 ) command or a CTRL-d.

Or, on systems with job control ( 12.8 ) , you can stop the subshell temporarily and go back to the account where you started the su . To do that, type suspend if whoever 's shell has job control (most shells do); otherwise, enter CTRL-z at the shell prompt.

NOTE: If the su subshell doesn't have job control but your starting shell does, entering CTRL-z to any command you run from the subshell will stop the command and the subshell .

You can use suspend to start multiple su sessions from the same shell. You can go back to your original login, from any of those sessions, without losing your shell history, current directory, etc. Because these shells run on the same tty ( 3.8 ) as your login shell, su doesn't tie up other tty/pty ports like multiple logins or multiple windows can. This is helpful on busy machines with lots of users.

On any UNIX system, you can type exit (or use CTRL-d) to go back to the original login. But on systems with job control, you can su to several other users and jump back to your original login at any time. Job control lets you suspend an su and go back to the place you left off without typing another su (and password). Many shells have a suspend command that lets you do that. On other shells, you may be able to enter CTRL-z (your job suspend character) or make a command alias ( 10.4 ) to stop the current shell:


alias suspend='kill -STOP $$'

Here's a demo. I'm logged in to the account jerry on the computer wheeze . I've su ed to the superuser, sarah , and manuals accounts, too. I'm using job control to switch users:



[1]    Stopped      su
[2] -  Stopped      su sarah
[3] +  Stopped      su manuals


su manuals
Do stuff as manuals



fg %1

Do stuff as root



I use that so much that I've made a single-letter alias ( 10.2 ) named z that does a suspend .

22.22.2 Who Are You Now?

It's easier to jump between accounts if the shells' prompts ( 7.1 ) have the username in them, as shown above. If not, use the command whoami or id to see which user you are. Your system should have one or both; both GNU versions are on the CD-ROM. Also, to see your original login name (the account where you started the su ), try who am i (with spaces).

22.22.3 Problems You Might Have

Some System V versions don't change the environment variable HOME ( LOGDIR ) ( 14.11 ) to the right value for the account you su to. That means a cd command will take you to the home directory of your original login, not the home directory of your su ed account. Also, a C shell you start on the other account won't read your .cshrc file. The best fix for that is a shell script named su that sets the variable for you. The script is run by the C shell :-( ( 47.2 ) because csh has the ~ (tilde) operator ( 14.11 ) for finding the account's home directory. Add this script to a directory before /bin in your path ( 8.7 ) or make an alias or shell function that runs the script instead of the standard su .



#!/bin/csh -f
# su - fix incorrect $HOME and USER with system 'su' command
foreach arg ($argv)
   # find first non-option argument
   if ("x$arg" !~ x-*) then
      setenv HOME ~$arg
      setenv USER $arg
      exec /bin/su $argv:q
echo "$0 ERROR: can't find username."
exit 1

Another workaround for that is an alias with the name of the account I'm su ing to:


alias randi '(setenv HOME ~randi; setenv USER randi; su randi)'

There's another problem that can happen on any version of UNIX: the account you su to doesn't have permission ( 22.2 ) to access the current directory where you ran the su command. Then, you may get an error like getwd: can't stat . from the C shell on the account you su to. Or you may get no error but the su will fail. The fix for both problems is to cd to a world-access directory like / or /tmp before you run su . An alias can make that easy:


alias su '(cd /; \su \!*)'

You can also add the cd / command to this shell script if you want.

If the account you su to runs the C shell (and you don't use the -f option--see below), it will read the .cshrc file. If that .cshrc has hardcoded pathnames or commands that only the other account can run, the commands might fail. That can cause a variety of "fun" problems. Try replacing hardcoded pathnames like /home/ oldacct /bin with paths that use account-specific variables like $home/bin , ~/bin , and so on.

Plain su whoever doesn't read a C shell user's .login file or a Bourne shell user's .profile . Using su - whoever (see the section "Other su Features" at the end of this chapter) solves that, but you can't suspend an su - shell (at least not on my systems).

Finally, because the su command runs in a subshell ( 38.4 ) , environment variables ( 6.1 ) set in the account you su from will be passed into the subshell. That can be good or bad. For instance, your favorite EDITOR ( 6.3 ) ( vi , Emacs, or whatever) can be passed to the account you su to. But that account might also set a variable that you want to use. If you're wondering what's set after you su , type set for a list of shell variables, and either env or printenv ( 6.1 ) to see environment variables.

22.22.4 Quick Changes to Other Accounts

If your system is busy, it can take time to run through all the commands in the other user's .cshrc file. The su command can pass arguments to the subshell it starts, though. If the other account uses C shell, the -f option tells it not to read the .cshrc file (for example, su -f whoever ). You won't get that account's .cshrc setup, but you will start to work on it sooner.

If logging in on your system takes a long time and you want to switch to another account permanently, you can exec ( 45.7 ) the su command:


exec su 


That makes a weird situation where the who ( 51.4 ) command will show you logged on as your original account, but you'll be running as whoever (the whoami or id command will tell you that). Also, because the su shell isn't a login shell ( 2.8 ) , the logout command won't work; you'll need to type exit instead. So, exec su is a little tricky-but it's fast.

22.22.5 Other su Features

The command su -e , which may also be called su -m or su -p , switches to the other user's account but keeps the environment you have now. That's handy when you're having trouble with the other user's environment or want to keep your own. (Some su s do -m by default, more or less. Use env or printenv ( 6.1 ) to see what you get.)

The command su - simulates a full login to the other account. If the other account runs the Bourne shell, the .profile will be read. For the C shell, both .cshrc and .login will be read. You can't suspend a su - subshell. When you log out though, you'll be back in your original account's shell.

- JP

Previous: 22.21 How to Change File Ownership Without chown UNIX Power Tools Next: 23. Removing Files
22.21 How to Change File Ownership Without chown Book Index 23. Removing Files

The UNIX CD Bookshelf Navigation The UNIX CD BookshelfUNIX Power ToolsUNIX in a NutshellLearning the vi Editorsed & awkLearning the Korn ShellLearning the UNIX Operating System