# Su (Unix)

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Su_(Unix)
> Markdown URL: https://mediated.wiki/source/Su_(Unix).md
> Source: https://en.wikipedia.org/wiki/Su_(Unix)
> Source revision: 1355211035
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Short description|Standard UNIX utility}}
{{lowercase title}}
{{Infobox software 
| name                   = su
| logo                   = 
| screenshot             = Su on Linux screenshot.png
| screenshot size        = 
| caption                = 
| author                 = {{Plainlist|
* [Dennis Ritchie](/source/Dennis_Ritchie)
* [Ken Thompson](/source/Ken_Thompson)
}}
| developer              = [AT&T Bell Laboratories](/source/AT%26T_Bell_Laboratories)
| released               = {{Start date and age|1971|11|3}}
| latest release version = 
| latest release date    = 
| operating system       = [Unix](/source/Unix) and [Unix-like](/source/Unix-like)
| genre                  = [Command](/source/Command_(computing))
| license                = 
| website                = 
}}
The [Unix](/source/Unix) command '''{{mono|su}}''', which stands for "substitute user"<ref>{{Cite web
 | url         = https://man7.org/linux/man-pages/man1/su.1.html
 | title       = su(1) - Linux manual page
 | date        = April 2, 2021
 | quote       = {{Mono|su - run a command with substitute user and group ID}}
}}</ref><ref>{{Cite web
 | url         = https://s3.amazonaws.com/plan9-bell-labs/7thEdMan/v7vol1.pdf
 | title       = Unix Programmer's Manual, Seventh Edition, Volume 1
 | page        = 174
 | date        = January 1, 1979
 | url-status  = live
 | archive-url = https://web.archive.org/web/20220120180645/https://s3.amazonaws.com/plan9-bell-labs/7thEdMan/v7vol1.pdf
 | archive-date= Jan 20, 2022
 | quote       = {{mono|su - substitute user id temporarily}}
}}</ref> (or historically "superuser"<ref>{{cite web
 | url         = https://www.bell-labs.com/usr/dmr/www/man13.pdf
 | title       = Unix Programmer's Manual
 | date        = November 3, 1971
 | page        = 17
 | url-status  = live
 | archive-url = https://web.archive.org/web/20220317213155/https://www.bell-labs.com/usr/dmr/www/man13.pdf
 | archive-date= March 17, 2022
 | quote       = {{mono|su -- become privileged user... su allows one to become the super-user.}}
}}</ref><ref>{{cite web
 | url         = https://www.bell-labs.com/usr/dmr/www/pdfs/manindex.pdf
 | title       = Unix Programmer's Manual - Table of Contents
 | date        = November 3, 1971
 | url-status  = live
 | archive-url = https://web.archive.org/web/20220317213356/https://www.bell-labs.com/usr/dmr/www/pdfs/manindex.pdf
 | archive-date=March 17, 2022
 | quote       = {{mono|su: become super-user}}
}}</ref>), is used by a computer user to execute commands with the privileges of another user account. When executed it invokes a [shell](/source/shell_(Unix)) without changing the current working directory or the user environment.

When the command is used without specifying the new user id as a [command line argument](/source/Command_line), it defaults to using the [superuser](/source/superuser) account (user id 0) of the system.

== History ==
The command {{mono|su}}, including the [Unix permissions](/source/Unix_permissions) system and the [setuid](/source/setuid) system call, was part of [Version 1 Unix](/source/Version_1_Unix). Encrypted passwords appeared in [Version 3](/source/Version_3_Unix).<ref name="reader">{{cite tech report
 | first1      = M. D.
 | last1       = McIlroy
 | authorlink1 = Doug McIlroy
 | year        = 1987
 | url         = https://www.cs.dartmouth.edu/~doug/reader.pdf
 | title       = A Research Unix reader: offticles annotated excerpts from the Programmer's Manual, 1971–1986
 | series      = CSTR
 | number      = 139
 | institution = Bell Labs}}</ref> The command is available as a separate package for [Microsoft Windows](/source/Microsoft_Windows) as part of the [UnxUtils](/source/UnxUtils) collection of [native](/source/Native_(computing)) [Win32](/source/Windows_API) [ports](/source/porting) of common GNU Unix-like utilities.<ref>{{Cite web|url=https://unxutils.sourceforge.net/|title=Native Win32 ports of some GNU utilities|website=unxutils.sourceforge.net}}</ref>

== Usage ==
When run from the command line, su asks for the target user's password, and if authenticated, grants the operator access to that account and the files and directories that account is permitted to access.

<syntaxhighlight lang="console">
john@localhost:~$ su jane
Password:
jane@localhost:/home/john$ exit
logout
john@localhost:~$ 
</syntaxhighlight>

When used with a [hyphen](/source/hyphen) ({{mono|su -}}) it can be used to start a login shell. In this mode users can assume the user environment of the target user.

<syntaxhighlight lang="console">
john@localhost:~$ su - jane
Password:
jane@localhost:~$
</syntaxhighlight>

The command [sudo](/source/sudo) is related, and executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named {{mono|/etc/sudoers}}, best editable by the command {{mono|[visudo](/source/visudo)}}). Unlike {{mono|su}}, {{mono|sudo}} authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).

Some [Unix-like](/source/Unix-like) systems implement the user group ''[wheel](/source/Wheel_(computing))'', and only allow members to become root with {{mono|su}}.<ref name=levi>{{cite book
 | title     = UNIX Administration: A Comprehensive Sourcebook for Effective Systems and Network Management
 | url     = https://archive.org/details/unixadministrati00levi_712
 | url-access = limited
 | first     = Bozidar
 | last      = Levi
 | publisher = CRC Press
 | year      = 2002
 | pages     = [https://archive.org/details/unixadministrati00levi_712/page/n217 207]
 | isbn      = 0-8493-1351-1}}</ref> This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. [GNU](/source/GNU) {{mono|su}}, however, does not support the group ''wheel'' for philosophical reasons. [Richard Stallman](/source/Richard_Stallman) argues that because the group would prevent users from utilizing root passwords leaked to them, the group would allow existing admins to ride roughshod over ordinary users.<ref>{{cite web
 | url         = https://ftp.gnu.org/old-gnu/Manuals/coreutils-4.5.4/html_node/coreutils_149.html
 | title       = Why GNU su does not support the 'wheel' group
 | access-date = May 30, 2022
 | url-status  = live
 | archive-url  = https://web.archive.org/web/20210621182110/https://ftp.gnu.org/old-gnu/Manuals/coreutils-4.5.4/html_node/coreutils_149.html
 | archive-date = June 21, 2021}}</ref>

== See also ==
* [Unix security](/source/Unix_security)
* [List of Unix commands](/source/List_of_Unix_commands)
* [Comparison of privilege authorization features](/source/Comparison_of_privilege_authorization_features)

== Further reading ==
* {{Cite web |date=2013-01-14 |title=From Novice to Master, and Back Again |url=https://blog.djmnet.org/2013/01/14/from-novice-to-master-and-back-again/ |access-date=2022-08-10 |website=D-Mac's Stuff |language=en}}

== References ==
{{Reflist}}

== External links ==
* [https://web.archive.org/web/20131210155635/http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html su]&nbsp;– manual pages from [GNU](/source/GNU) [coreutils](/source/coreutils).
* '''{{man|1|su|die.net}}'''
* {{man|1|su|FreeBSD}}
* {{man|8|su|Solaris}}
* [http://www.linfo.org/su.html The su command]&nbsp;– by The Linux Information Project (LINFO) ({{Webarchive |url=https://web.archive.org/web/20211020082958/http://www.linfo.org/su.html |date=20 October 2021}})

{{Unix commands}}

Category:Unix user management and support-related utilities
Category:System administration

{{unix-stub}}

---
Adapted from the Wikipedia article [Su (Unix)](https://en.wikipedia.org/wiki/Su_(Unix)) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Su_(Unix)?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
