Mastering the su Command: Switching Users and Managing Root Access in Linux

The superuser (root) holds the highest privileges in a Linux operating system, allowing operations on any file, directory, or process. Some resources, such as the /proc filesystem, remain read‑only even for root.

System‑wide administration tasks—including hardware management, filesystem handling, user account creation, and global configuration—often require root privileges. When a normal user attempts a privileged command (e.g., useradd), the system prompts for elevated rights.

Granting Root Privileges to a Normal User

The su command (short for “switch user”) lets a user change to another account. By default, su without an argument switches to the root account, requiring the root password. The session remains active until the user logs out; there is no automatic timeout.

Using su

Basic syntax: su [username]. If username is omitted, root is assumed.

Options: -c, --command: Execute a command in the target user’s environment, then exit. -l, --login: Simulate a full login, changing to the target user’s environment.

For detailed usage, consult man su.

Practical Examples

Assume a normal user handuoduo needs to add a new user, which requires root rights.

Two approaches:

Log out and log back in as root (less convenient).

Stay logged in as handuoduo and invoke su to switch to root, perform the task, then exit.

Example of switching without parameters (default root, no environment change):

#普通用户切换到root用户
$ whoamihanduoduo
$ su
Password:
$ whoamiroot

Switching with the - option changes to root’s login environment, including environment variables such as PATH:

# 普通用户切换到root用户并改变环境变量
$ whoami
handuoduo
$ su
Password:
$ whoami
root
$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/handuoduo/bin
$ exit
exit
$ su -
Password:
$ whoami
root
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Another equivalent sequence using su - root:

$ whoami
handuoduo
$ su
Password:
$ whoami
root
$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/handuoduo/bin
$ exit
exit
$ su - root
Password:
$ whoami
root
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Advantages and Disadvantages of su

Using su simplifies management by allowing a normal user to temporarily acquire full root privileges. However, sharing the root password among multiple users introduces security risks: any user with the password can perform any action, potentially leading to system compromise or data loss.

As the saying goes, “There are no insecure systems, only insecure people.” If ten users each have root access, a single mistake can jeopardize the entire environment, making su less suitable for collaborative administration.

Summary

su - root

and su root both switch to the root account; the former also loads root’s environment variables.

Omitting a username defaults to root.

Without the - option, the current environment variables are retained.

The - (or -l) option changes to the target user’s login environment. su grants root execution rights but does not automatically provide root’s environment unless - is used.

Using su - gives both root privileges and root’s environment variables.