Why Do We Use su – and Not Just su

The Linux operating system is a powerful tool that offers a wide range of features and functionalities to its users. One of the most common tasks performed by system administrators on Linux systems is to switch to the root user account using the su command. However, in some cases, it is recommended to use su - instead of just su. In this article, we will explore the reasons behind using su - and provide examples of how it can be beneficial.

What is the Difference Between su and su -?

The su command is used to switch to another user account on the system, typically the root account. When you type su followed by the name of the user you want to switch to, the system prompts you for the password of that user. Once you enter the correct password, you are granted access to that user's account.

The su - command, on the other hand, not only switches to the target user account but also creates a login shell environment with that user's complete environment variables. This means that any changes made to environment variables, such as PATH or HOME, will be applied to the new shell.

Why Use su - Instead of Just su?

There are several reasons why using su - can be more beneficial than just su. Let's explore some of these reasons below.

Environment Variables

As mentioned above, su - creates a new shell environment with the target user's environment variables. This is useful if you need to run commands that rely on specific environment variables. For example, if you need to run a command that is located in a directory that is not in the system's PATH variable, using just su will not update the PATH variable. However, with su -, the new shell environment will have the updated PATH variable, and the command will be found.

Home Directory

When you use su -, the new shell environment will have the target user's home directory as its current working directory. This can be useful if you need to perform operations that require access to the target user's home directory. For example, if you need to edit a file that is located in the target user's home directory, it is easier to use su - and have the home directory already set as the current working directory.

Resource Allocation

When you use su -, the new shell environment will also have the target user's resource limits and ulimit values. This can be useful if you need to run a command that requires more resources than the current user account is allowed. For example, if you need to run a process that requires more open files than the current user account allows, you can use su - to switch to the root account and have access to more resources.

Examples

Let's examine some practical examples of when using su - can be more beneficial than just su.

Example 1: Running Commands with Updated Environment Variables

Suppose you have a command called mycommand located in the directory /opt/myapp/bin. If you use just su, the command may not be found because the system's PATH variable doesn't include that directory.

# Using su (may fail)
$ su root
Password: 
# mycommand
bash: mycommand: command not found

# Using su - (works correctly)
$ su - root
Password: 
# mycommand
Command executed successfully

Example 2: Accessing Files in Target User's Home Directory

When editing configuration files in a user's home directory, su - automatically places you in the correct location.

# Using su - automatically sets correct working directory
$ su - user1
Password: 
$ pwd
/home/user1
$ vi .bashrc

Example 3: Running Processes with Proper Resource Limits

For processes that require specific resource limits, su - ensures the target user's limits are applied.

$ su - root
Password: 
# ulimit -n
65536
# ./resource_intensive_process
Process started with proper limits

Comparison

Best Practices

While su - can be very useful, it is important to be careful when using it. Here are some best practices to follow:

• Use su - only when necessary If you just need to run a command as root user, then using su may be sufficient.

• Consider sudo instead of su - In many cases, it is better to use the sudo command instead of su -. sudo allows you to run commands with elevated privileges without switching to the root user account.

• Use su - with caution When you use su -, you are essentially running commands as the root user. This can be dangerous if you are not careful. Always double-check commands before execution.

• Keep track of environment changes When you use su -, environment variables change, which can cause unexpected behavior. Be aware of these changes.

• Log out properly When finished using the root user account, be sure to log out to prevent accidental changes.

When Not to Use su -

There are situations where su - may not be the best choice:

• Running simple commands If you only need to run a simple command with elevated privileges, using su may be sufficient.

• Preserving current environment If you need to maintain your current environment variables, su without the dash is more appropriate.

• Quick administrative tasks For brief administrative tasks, sudo is often more secure and convenient than either su variant.

Conclusion

The su - command creates a complete login shell environment with the target user's environment variables, home directory, and resource limits. This makes it more beneficial than just su for tasks requiring a clean user environment, proper PATH variables, or access to user-specific configurations. Understanding the differences between su and su - is essential for system administrators to perform tasks efficiently and securely.