HB Computer Security | Aide Memoire
  • Introduction
  • Core Technical Skills
    • Core Skills
      • Linux
        • Getting to Know Linux
          • Using the Shell
            • Shells, Terminals, and Virtual Consoles
            • Choose your Shell
            • Shell Commands
              • Non-PATH Commands
              • Command History
                • Command Line Editing
                  • Keystrokes for Navigating Command Lines
                  • Keystrokes for Editing Command Lines
                  • Keystrokes for Cutting and Pasting Text from within Command Lines
                • Command Line Recall
                  • Keystrokes for Command Line Recall
              • Connecting and Expanding Commands
                • Piping Between Commands
                • Sequential Commands
                • Expanding Commands
            • Shell Variables
              • Common Shell Variables
            • Aliases
            • Create your Own Shell Environment
              • Modification Ideas
          • Navigating the Linux File System (LFS)
            • Filesystem Commands
            • Listing Files and Directories
            • File Permissions and Ownership
              • Modifying Permissions with chmod
              • Modifying Default Permissions with umask
              • Change File Ownership with chown
            • Copying, Moving, and Removing Files
            • Finding Files
              • locate
              • find
              • grep
            • Downloading Files
              • axel
              • wget
              • curl
                • User-Agent: Googlebot
          • Working with Text Files
            • Using vim and vi to Edit Text Files
              • Starting with vi
              • Adding Text
              • Moving Around in the Text
            • Text Manipulation
        • System Administration
          • Installing Linux
            • Installing from Live Media
            • Installing in the Enterprise
            • Partitioning Hard Disks
              • Tips for Creating Partitions
          • Account Administration
            • The root Account
              • Becoming root with su
              • sudo
                • The /etc/sudoers File
                • Granting sudo privileges
                  • visudo Guidance
                • Useful sudo Hints
            • Other Administrative Accounts
            • Standard User Accounts
              • Risks of userdel: Orphaned Files
          • Graphical Remote Administration
            • Cockpit
              • Installation Guide
            • Remote Desktop Protocol with xrdp
              • Installation and Configuration
            • Remote Desktop with vnc
              • Installation and Configuration
              • Running VNC as a System Service
          • Managing Running Processes
            • Listing Processes
              • ps
              • top
              • htop
            • Backgrounding and Foregrounding
              • Starting a Background Process
              • Using Foreground and Background Commands
            • Killing and Recining Processes
              • kill and killall
          • Managing Software
            • Managing Software from the Desktop
            • Going Beyond the Limitations of Software Center
              • Debian Packages
                • Advanced Package Tool (apt)
                • Repositories
                • dpkg
        • Shell Scripting
          • Variables
            • Command Substitution
            • Arguments
          • Reading User Input
          • if, else, and elif
          • BOOLEAN Logic
          • Loops
            • for Loops
            • while Loops
          • Functions
          • Local Vs Global Variables
          • Summary
        • Securing Linux
      • Windows
        • Security Hardening
Powered by GitBook
On this page
  • su Limitation: root User Environment

Was this helpful?

  1. Core Technical Skills
  2. Core Skills
  3. Linux
  4. System Administration
  5. Account Administration
  6. The root Account

Becoming root with su

PreviousThe root AccountNextsudo

Last updated 1 year ago

Was this helpful?

If you're already logged in as a regular user and want to make a quick admin change, you don't have to go through the hassle of logging out and logging back in as root. This could also be the case if you're trying to get into a Linux system over the network, and it doesn't let root users log in remotely for security reasons.

That's where the su (Substitute User) command comes in handy. It lets you "switch over" to another user account on the fly if you know the password.

Most of the time, su is used to swap to the root account from a standard user.

If you try to use su on a system where a password has not been set for root (typical in default Ubuntu installs), you will notice that you receive an authentication error:

You can overcome this by using the sudo command, assuming that the user you are logged in with is a member of the sudo group.

We will look at sudo more in depth next, but at this point all you need to recognise is that as a member of the sudo group, any commands you execute leveraging sudo will be executed with root privileges.

Therefore, to authenticate as root, a sudo user can preface su with sudo, and when authenticating with their own password, the user will then become root:

Using this type of configuration adds security to the use of the root account, and is considered best practice.

When the root account DOES have a password set, then using su is super simple:

su

When prompted, simply type the root user’s password. The prompt for the regular user ($) changes to the superuser prompt (#):

At this point, you have full permission to run any command and use any file on the system.

su Limitation: root User Environment

one thing that the su command doesn’t do when used this way is read in the root user’s environment. As a result, you may type a command that you know is available and get the message Command Not Found.

To fix this problem, use the su command with the dash (-) option instead like this:

su -

You still need to type the password as before, but after that everything that normally happens at login for the root user happens after the su command is completed. Your current directory will be the root home directory - probably /root, and things such as the root user’s PATH variable are used. If you become the root user by just typing su, rather than su -, you don’t change directories or the environment of the current login session.

When you use the su command with a username and the dash option, like su - john, you'll be logging in as the user named 'john', assuming you enter the correct password. This is quite handy for diagnosing issues that only affect a specific user's account, like trouble with printing documents or sending emails.

If you're already logged in as the root user and use the su command to switch to another user, you won't be prompted for a password because you have root privileges. For instance, if you're root and you type su - john, you'll switch to John's user without needing to enter his password. This is because, as root, you have the authority to assume the identity of any user on the system.

However, if you're logged in as a regular user and want to switch to another user account using su - username, you will need to enter the password for that user account. Failing to provide the correct password will result in a denial of access. This security measure ensures that only authorized users can access specific user accounts on the system.

Ubuntu default installation, where root has no password set
A user, as a member of the sudo group, is able to switch to the root account via sudo su
Using su to become root
Logging in as root via su, assuming the root user environment