How to Temporarily Change Accounts and Privileges

The su and sudo Commands

Businesswoman at desktop computer

Jupiterimages / Stockbyte / Getty Images

The su command is commonly used to temporarily login in to another account. The command name is short for "substitute user". However, it is often also referred to as the "super user" command, since most often it is used to temporarily log into the root account, which has full access to all system administration functions. In fact, if you don't specify which account you want to log in to, su assumes you want to log into the root account. This, of course, requires that you know the root password. In order to fall back to the regular user account, after login in to another account, you simply type exit and hit return.

Using the su Command

So the basic use of su is to simply enter "su" at the command prompt:

su

root

Instead of actually logging into another account you can specify the command you want to execute in the other account along with su command. That way you are immediately back to your regular account. For example:

su jdoe -c whoami

You can execute multiple commands in the other account by separating the them with semicolons and enclosing it with single quotes, as in this example:

su jdoe -c 'command1; command2; command3'

ls

grep

copy

jdoe

su jdoe -c 'ls; grep uid file1 > file2; copy file2 /usr/local/shared/file3'

su

sudo

sudo -u root ./setup.sh

After you have log in, you can continue to execute commands through the sudo command for a few minutes without having to specify the login (-u root) with every command.

If possible, it is better to do your regular work using an account with restricted privileges to avoid causing serious damage to the system by accident.

The following example shows how you can list the files of a protected directory with the following command:

sudo ls /usr/local/classified

broadcast message

sudo shutdown -r +20 "rebooting to fix network issue"