su
Linux Commands - Managing Rights

su

This important command will run a shell of another user while you are logged in as yourself. The classic example of this command is when you are logged in as a normal user but you need root privileges to complete one action, like install a program.


Example:

su root


Then you would be asked for a password of root. Once you had completed the action necessary you could return to the normal user with the exit command:


exit



Options

- l login shell

-c command this will pass the command to the shell instead of starting an interactive shell

-m leaves the HOME< USER, LOGNAME AND SHELL as they are

-s SHELL this runs SHELL instead of the user's shell

- - help help



su root -c command


This will allow you to become root for the command that is needed. Here is an example:


su root -c mount /mnt/floppy



Whenever you use this command you will be required to put in the root user password, this protects users from making modifications to the system. This also provides you as the administrator the opportunity to run the system as a normal user but still make changes if necessary.



Example:


su root -c eject /cdrom


This will eject the cdrom, which requires root access.



Using the sudo Command


sudo looks at a file to determine who can use the command. The file is /etc/sudoers. The default sudoers file in DSL looks like this:



#sudoers file


root ALL=(ALL) ALL


knoppix ALL=NOPASSWD: ALL

dsl ALL=NOPASSWD: ALL


This file allows root, of course but it also allows the users knoppix and dsl to become root without a password. This may not be such a bid problem with a home system but if you use this as a firewall or server you should certainly change it. Here is how to correct the problem.


Become the root user by using

sudo su


or the


su


Once you are root edit the /etc/sudoers file with vi and place a # mark in front of the two users that you would like to eliminate for sudoers. The example shows both users have been eliminated from the sudoers now. The only way to obtain root privileges is to use the su command and enter the root password.


#sudoers file


root ALL=(ALL) ALL


# knoppix ALL=NOPASSWD: ALL

# dsl ALL=NOPASSWD: ALL



Example on becoming root after the change:


su root