Learn Linux in 3 Days (2015)
SWITCHING USERS AND RUNNING COMMANDS AS OTHERS
One way to start a session as another user on the system is to use thesucommand. If no arguments are supplied tosu, it assumes you are trying to become the superuser. Executingsuis the same as executingsu root. Your current environment is passed to the new shell unless you specify a hyphen (-). In that case,su creates an environment like you would expect to see had you logged in as that user.
su [username] - Change user ID or become superuser
- - A hyphen is used to provide an environment similar to what the user would expect had the user logged in directly.
-c command - Specify a command to be executed. If the command is more than one word in length, it needs to be quoted.
bob@linuxsvr:~$ export TEST=1
bob@linuxsvr:~$ su oracle
oracle@linuxsvr:/home/bob$ echo $TEST
bob@linuxsvr:~$ su - oracle
oracle@linuxsvr:~$ echo $TEST
bob@linuxsvr:~$ su -c 'echo $ORACLE_HOME' oracle
bob@linuxsvr:~$ su -c 'echo $ORACLE_HOME' - oracle
If you want to know what user you are working as, run thewhoami command.
whoami - Displays the effective username.
$ su oracle
Sudo - Super User Do
Another way to switch users or execute commands as others is to use thesudocommand. Sudo allows you to run programs with the security privileges of another user. Likesu, if no username is specified it assumes you are trying to run commands as the superuser. This is why sudo is referred to as super user do. It is commonly used to install, start, and stop applications that require superuser privileges.
sudo - Execute a command as another user, typically the superuser.
One advantage of usingsudoover thesucommand is that you do not need to know the password of the other user. This can eliminate the issues that arise from using shared passwords and generic accounts. When you execute thesudo command you are prompted for your password. If the sudo configuration permits access, the command is executed. The sudo configuration is typically controlled by the system administrator and requires root access to change.
Here are the common ways to use thesudo command.
sudo -l - List available commands.
sudo command - Run command as the superuser.
sudo -u root command - Same assudo command.
sudo -u user command - Run command as user.
sudo su - Switch to the superuser account.
sudo su - - Switch to the superuser account with an environment like you would expect to see had you logged in as that user.
sudo su - username - Switch to the username account with an environment like you would expect to see had you logged in as that user.
$ sudo -l
User bob may run the following commands on this host:
(root) NOPASSWD: /etc/init.d/apache2
(fred) NOPASSWD: /opt/fredApp/bin/start
(fred) NOPASSWD: /opt/fredApp/bin/stop
(root) /bin/su - oracle
$ sudo /etc/init.d/apache2 start
* Starting web server apache2
$ sudo -u fred /opt/fredApp/bin/start
Fred's app started as user fred.
$ sudo su - oracle
[sudo] password for bob:
The output ofsudo -ldisplays what commands can be executed with sudo and under which account. In the above example, sudo will not prompt for a password for the commands preceded withNOPASSWD. This type of configuration may be required to automate jobs via cron that require escalated privileges.
· The su command
· Sudo - The official sudo website.
· Ubuntu Sudo Documentation