As Linux administrators, you have to go through tons of things like securing the system against unknown access and creating standard users instead of allowing direct root access.
Sometimes, even the normal user requires some extra privileges depending upon their role. Switching to a different user or accessing a root account is one of them.
However, there are no single but multiple ways to switch to a different user or superuser in Linux. It may create confusion for beginners as to which command to use and which command is relevant in which situation.
Today, in this beginner’s guide, you will learn about the different ways and how they differ from each other, and when to use them to switch to another user or get root access in Linux.
Table of Contents
su command is the most basic command to switch a current user to another account or superuser without changing the current working directory and user environment.
The usage is pretty simple. If you want to switch to any specific user, like
trendoceans, then specify the
username as an argument and then it will ask for a user password that you need to enter in order to get account access, as shown below.
trendoceans@linux:~$ su jake Password: $ whoami jake
To switch to a superuser or root account, execute
su without any arguments, and then it will ask for the root account password, as shown below.
trendoceans@linux:~$ su Password: root@linux:/home/trendoceans# whoami root
As you see, the
su command is effective for switching to another account or superuser if you know their account password. However, it also prevents a user from accessing the account if they do not know the target account password.
For example, in order to access the root account, I need to know the root account password; otherwise, I’ll not be able to gain access.
But don’t worry, there are a few more ways to access another user’s account or gain access to superusers without knowing their password, which we are about to learn.
sudo su is similar to the standard
su command, only the difference is that executing
su will ask for that user account password. However, using
sudo su to switch to another user account or superuser requires the current user password.
Note: Giving access to
sudowill let users switch to any account using the
sudo sucommand, which might be unnecessary for them and system security. It is recommended to give access to
suto only trusted users and disable them for untrusted users.
Also Read: Revoke Users SUDO privileges in Linux
As you see below, I will try to access the
jake account without knowing its password but using my current password.
trendoceans@linux:~$ sudo su jake [sudo] password for trendoceans: $ whoami jake
Same with the superuser account, which will require my current password when accessed using the
sudo su command.
trendoceans@linux:~$ sudo su [sudo] password for trendoceans: root@linux:/home/trendoceans# whoami root
When you access or switch to another user account, you are able to set environment variables. However,
sudo su creates multiple
setuid which makes it more challenging to know which variable will be kept and which one will be changed.
To prevent it from happening and get a cleaner version we will use the
sudo -i command, which you are about to learn.
It is similar to the
sudo su command but way better because you do not have to directly interact with the root user.
For example, if you want to execute the
whoami command without switching to the user, then specify the command as an argument to the
sudo -i command and then it will ask for the current account password, as shown below.
trendoceans@linux:~$ sudo -i whoami [sudo] password for trendoceans: root
If you want to completely switch to the root account, then execute the
sudo -i command without any arguments.
trendoceans@linux:~$ sudo -i [sudo] password for trendoceans: root@linux:~# whoami root
And the best part about using this command is that you can share the environment variables with the root account without worrying about them being changed.
trendoceans@linux:~$ test=this_is_variable trendoceans@linux:~$ echo $test this_is_variable trendoceans@linux:~$ sudo -i echo $test [sudo] password for trendoceans: this_is_variable
As you can see,
sudo su and
sudo-i are very identical, only
sudo -i is a cleaner and simpler way to gain root access without directly interacting with the root user.
Also Read: How to run sudo command without password
Another difference is that
sudo -i does not create multiple
setuid commands in the background, which makes it easier to figure out which environmental variable will be kept and which one will be changed.
It allows you to run the command as root and does not require a root account password. Do you think it is similar to the above two commands? Then you are wrong. The other
sudo su and
sudo -i commands take the user of root environment variables.
Unlike the other two commands, it will not read or change any of the user’s environmental files. It is best used when you want to access the root account with its
$SHELL environmental value.
trendoceans@linux:~$ sudo -s [sudo] password for trendoceans: root@linux:/home/trendoceans# whoami root
su: will allow you to switch to any user account or superuser account with their account password.
sudo su: can also be used to switch to any normal or root user account with your current password.
sudo -i: This allows you to interactively access the root account without direct access using your current password.
sudo -s: This allows you to access the root account without touching the environment files using your current password. By default, when you execute any command with
sudo in front of it, it will use this method for execution.
If you are still confused about which approach to follow, then I recommend you use any of the
sudo -i or
sudo -s commands.
But remember, both are not 100% great choices. Most of the time, it depends upon the situation which command is most suitable to get the job done.
If you still have any confusion or questions, then do let us know in the comment section.
Innovative tech mind with 12 years of experience working as a computer programmer, web developer, and security researcher. Capable of working with a variety of technology and software solutions, and managing databases.