FedoraThis forum is for the discussion of the Fedora Project.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Has the [ su - ] command been around as long as [ su ] and what's the difference between the two?
I can see they don't act exactly the same when switching back to user, and the two prompts aren't the same but I can't tell what's going on under the surface.
Switching back to user, [ su - user ] asks for user's password whereas [ su user ] does not.
"su" means "take on root's powers, but keep user's environment"
"su -" means "become root, including environment" e.g.: you'll note that "su -" puts you in the /root directory. On some systems it also gives you a different PATH
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
The su utility has been around since... well, at least 25 years that I know of; I first remember it in Unix System V R3, and certainly in Unix System V R4. It's purpose is to let you "become another user" without having to log out and log back in as that user (it predates sudo by decades).
Without the dash you retain your environment, with the dash you get the environment of the user you're becoming (the shell executes the environment settings for that user; /etc/profile,.profile,.exrc, etc.). So, if you execute su - you become user root with root's environment set as if you logged in as root. If you su - user the same thing happens; i.e., you log in as that user.
If you're logged in as root (or su -) you will not be prompted for a password to su - user; if you're not logged in as root and execute su - user, you will have to respond with password for that user (root doesn't have to provide passwords to do anything).
There has been a change recently in this default behavior with the use of /etc/login.defs where su - does not set the environment to that of the su'd user at least in Slackware 12.0:
Quote:
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
#SU_NAME su
This changes the long, long time behavior of the su utility unless you change the setting in /etc/login.defs.
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
The advantage of the dash is to get root's profile (the PATH environment, is one) -- the /sbin directory, for example, is not usually on an ordinary user's PATH. You're executing su - to do something that can (or should) only be done by root and having root's environment settings (with the dash) makes life simpler. That's it, nothing complicated, just easier.
"su -" means you are completely root, "su" means you are mostly root.
Many commands will execute just fine with only "su". If you want to see the difference use only "su" and remember to try "su -" if you have troubles (could not open, could not find,etc.)
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
Maybe this will help (maybe not, but what the heck).
When you log in your environment gets set, initially by entries in /etc/profile and then by entries in files in your home directory (.profile, .bashrc and others). You can view what got set with the env command. When you use su without the dash, you don't get the environment of the user you're becoming, you retain your own environment but your effective user and group identification become those of the user you're becoming; if you just execute su (without the dash), that's what happens -- you can do things as if you're root (like change file ownership and the like), but you're not really "running as root."
If, on the other hand, you use su -, then it is as if you logged on; /etc/profile is executed, all the "dot" files in root's home directory are executed, and you're in full-blown root environment. Similarly, if you sh - mysql, you become the mysql user with all the environment settings needed to act as that user.
This is part of the manual page for su for Solaris (which is Sun's version of Unix System V R4; Linux is similar in many ways to Solaris) which may (I hope) make this a little clearer.
Code:
NAME
su - become super user or another user
SYNOPSIS
su [ - ] [ username [ arg ... ] ]
DESCRIPTION
The su command allows one to become another user without
logging off or to assume a role. The default user name is
root (super user).
To use su, the appropriate password must be supplied (unless
the invoker is already root). If the password is correct, su
creates a new shell process that has the real and effective
user ID, group IDs, and supplementary group list set to
those of the specified username. The new shell will be the
shell specified in the shell field of username's password
file entry (see passwd(4)). If no shell is specified,
/usr/bin/sh is used (see sh(1)). To return to normal user ID
privileges, type an EOF character (<CTRL-D>) to exit the new
shell.
Any additional arguments given on the command line are
passed to the new shell. When using programs such as sh, an
arg of the form -c string executes string using the shell
and an arg of -r gives the user a restricted shell.
The following statements are true if the login shell is
/usr/bin/sh or an empty string (which defaults to
/usr/bin/sh) in the specific user's password file entry. If
the first argument to su is a dash (-), the environment will
be changed to what would be expected if the user actually
logged in as the specified user. Otherwise, the environment
is passed along, with the exception of $PATH, which is
controlled by PATH and SUPATH in /etc/default/su. Addition-
ally, the user's project ID is set if the dash argument is
present.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.