Why Do We Use su – and Not Just su


Introduction

The Linux operating system is a powerful tool that offers a wide range of features and functionalities to its users. One of most common tasks performed by system administrators on Linux systems is to switch to root user account using su command. However, in some cases, it is recommended to use su – instead of just su. In this article, we will explore reasons behind using su – and provide examples of how it can be beneficial.

What is difference between su and su –?

The su command is used to switch to another user account on system, typically root account. When you type su followed by name of user you want to switch to, system prompts you for password of that user. Once you enter correct password, you are granted access to that user's account.

The su – command, on other hand, not only switches to target user account but also creates a new shell environment with that user's environment variables. This means that any changes made to environment variables, such as PATH or HOME, will be applied to new shell.

Why use su – instead of just su?

There are several reasons why using su – can be more beneficial than just su. Let's explore some of these reasons below.

Environment Variables

As mentioned above, su – creates a new shell environment with target user's environment variables. This is useful if you need to run commands that rely on specific environment variables. For example, let's say you need to run a command that is located in a directory that is not in system's PATH variable. If you just use su, command will not be found because PATH variable has not been updated to include directory. However, if you use su –, new shell environment will have updated PATH variable, and command will be found.

Home Directory

When you use su –, new shell environment will have target user's home directory as its current working directory. This can be useful if you need to perform operations that require access to target user's home directory. For example, if you need to edit a file that is located in target user's home directory, it is easier to just use su – and have home directory already set as current working directory.

Resource Allocation

When you use su –, new shell environment will also have target user's resource limits and ulimit values. This can be useful if you need to run a command that requires more resources than current user account is allowed. For example, if you need to run a process that requires more open files than current user account is allowed, you can use su – to switch to root account and have access to more resources.

Examples

Let's take a look at some examples of when using su – can be more beneficial than just su.

Example 1: Running a command with updated environment variables

Suppose you need to run a command that is located in a directory that is not in system's PATH variable. If you just use su, command will not be found because PATH variable has not been updated to include directory. However, if you use su –, new shell environment will have updated PATH variable, and command will be found.

To illustrate this, let's say you have a command called mycommand located in directory /opt/myapp/bin. If you just use su, you will not be able to run command because system's PATH variable does not include directory /opt/myapp/bin. However, if you use su –, new shell environment will have updated PATH variable, and you can run command like this −

su - root password: mycommand

Example 2: Accessing a file in target user's home directory

Suppose you need to edit a file that is located in target user's home directory. It is easier to just use su – and have home directory already set as current working directory.

To illustrate this, let's say you need to edit a file called myconfig.txt that is located in home directory of user 'user1'. If you just use su, you will be switched to 'user1' account, but current working directory will be same as previous user's working directory. However, if you use su –, new shell environment will have 'user1' home directory as current working directory, and you can edit file like this −

su - user1 password: cd ~ vi myconfig.txt

Example 3: Running a process with more resources

Suppose you need to run a process that requires more resources than current user account is allowed. You can use su – to switch to root account and have access to more resources.

To illustrate this, let's say you need to run a process that requires more open files than current user account is allowed. If you just use su, you will be switched to root account, but resource limits and ulimit values will be same as previous user's account. However, if you use su –, new shell environment will have root account's resource limits and ulimit values, and you can run process like this −

su - password: ulimit -n 5000 myprocess

Best Practices for Using su

While su – can be very useful, it is important to be careful when using it. Here are some best practices to follow when using su – 

  • Use su – only when necessary − While su – can be helpful, it is not always necessary. If you just need to run a command as root user, then using su is sufficient.

  • Use sudo instead of su –  In many cases, it is better to use sudo command instead of su –. sudo allows you to run a command with elevated privileges without switching to root user account.

  • Use su – with caution − When you use su –, you are essentially running commands as root user. This can be dangerous if you are not careful. Make sure to double-check any commands you run with su – to make sure they are safe.

  • Keep track of environment changes − When you use su –, environment variables can change, which can cause unexpected behavior. Be sure to keep track of any changes made to environment variables and make sure they do not cause problems.

  • Log out of root user account − When you are finished using root user account, be sure to log out of it. This will prevent any accidental changes from occurring while you are not paying attention.

Examples of When Not to Use su

While su – can be useful, there are times when it is better not to use it. Here are some examples of when not to use su – −

  • Running a simple command − If you just need to run a simple command with elevated privileges, then using su is sufficient. There is no need to use su – if you do not need to change environment variables or access root user's home directory.

  • Running a command with a specific environment − If you need to run a command with a specific environment, it is better to use env command instead of su –. This allows you to set environment variables without changing user account.

  • Running a command that does not require elevated privileges − If command you need to run does not require elevated privileges, then using su – is unnecessary.

Conclusion

In conclusion, su – command is more beneficial than just su in several cases, as it creates a new shell environment with target user's environment variables, home directory, and resource limits. This can be useful for running commands with updated environment variables, accessing files in target user's home directory, and running processes with more resources. As a system administrator, it is essential to understand differences between su and su – and when to use each command to perform your tasks efficiently.

Updated on: 23-Mar-2023

872 Views

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements