How to Temporarily Change Accounts and Privileges

The su and sudo Commands

Businesswoman at desktop computer
Jupiterimages/Stockbyte/Getty Images

The su command is commonly used to temporarily login in to another account. The command name is short for "substitute user". However, it is often also referred to as the "super user" command, since most often it is used to temporarily log into the root account, which has full access to all system administration functions. In fact, if you don't specify which account you want to log in to, su assumes you want to log into the root account. This of course requires that you know the root password. In order to fall back to the regular user account, after login in to another account, you simply type exit and hit return.

So the basic use of su is to simply enter "su" at the command prompt:

su
root

Instead of actually loging in to another account you can specify the command you want to execute in the other account along with su command. That way you are immediately back to you regular account. For example:

su jdoe -c whoami

You can execute multiple commands in the other account by separating the them with semicolons and enclosing it with single quotes, as in this example:

su jdoe -c 'command1; command2; command3'
ls
grep
copy
jdoe

su jdoe -c 'ls; grep uid file1 > file2; copy file2 /usr/local/shared/file3'
su
sudo

sudo -u root ./setup.sh

After you have log in, you can continue to execute commands through the sudo command for a few minutes without having to specify the login (-u root) with every command.

If possible, it is better to do your regular work using an account with restricted privileges to avoid causing serious damage to the system by accident.

The following example shows how you can list the files of a protected directory with the following command:

sudo ls /usr/local/classified

sudo shutdown -r +20 "rebooting to fix network issue"