Difference between revisions of "Su"

From ArchWiki
Line 3: Line 3:
 
[[Category:HOWTOs (English)]]
 
[[Category:HOWTOs (English)]]
  
==Login Shell==
+
The 'su' command is used to assume the identity of another user on the system, normally root. This saves having to logout and log back in as the user you want to be.
 +
 
 +
== su'ing to a new user ==
 +
 
 +
To assume the login of another user, pass the username that you want to become to su
 +
 
 +
su http
 +
 
 +
You will be prompted for the password of [[the user you are attempting to become]].
 +
 
 +
If no username is passed, su assumes the root user.
 +
 
 +
== Login Shell ==
 +
 
 +
Normally you will want to run su with the '-' option. This makes the login behave as if you just logged in as that user directly, rather than inheriting your current environment:
  
In most cases, you will want to run su with the '-' option, so it acts as if you just logged in as that user directly:
 
 
  su -
 
  su -
  
 
You may wish to add an alias to ~/.bashrc for this:
 
You may wish to add an alias to ~/.bashrc for this:
 +
 
  alias su="su -"
 
  alias su="su -"
  
 +
== Security ==
 +
 +
From a security perspective, it is better to setup the use of 'sudo' instead of 'su'. The 'sudo' system will prompt you for your [[own]] password rather than that of the user you are attempting to become. This way you do not have to share passwords between users, and if you ever need to stop a user having access to the root (or any other account), you don't have to change the root password (which would inconvenience everyone else), you would just need to revoke that users sudo access.
 +
 +
== Allow Only the "wheel" Group to run su ==
 +
 +
Uncomment the appropriate line in /etc/pam.d/su
  
==How to allow only the "wheel" group to run su==
 
*Uncomment the appropriate line in /etc/pam.d/su
 
 
  auth          required        pam_wheel.so use_uid
 
  auth          required        pam_wheel.so use_uid
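
Review bot: the added sentences wrap "the user you are attempting to become" and "own" in [[...]], which is MediaWiki internal-link markup, so both render as links to pages of those names rather than as emphasis; use ''...'' if emphasis is what is intended. In the same hunk, "Uncomment the appropriate line in /etc/pam.d/su" would be clearer if it said that the line shown below it is the one meant.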

Revision as of 01:54, 16 July 2009

This article is a stub.

The 'su' command is used to assume the identity of another user on the system, normally root. This saves having to log out and log back in as the user you want to be.

su'ing to a new user

To assume the login of another user, pass the username that you want to become to su:

su http

You will be prompted for the password of the user you are attempting to become.

If no username is passed, su assumes the root user.

Login Shell

Normally you will want to run su with the '-' option. This makes the login behave as if you just logged in as that user directly, rather than inheriting your current environment:

su -

You may wish to add an alias to ~/.bashrc for this:

alias su="su -"

Security

From a security perspective, it is better to set up 'sudo' instead of 'su'. The 'sudo' system will prompt you for your own password rather than that of the user you are attempting to become. This way you do not have to share passwords between users. If you ever need to stop a user having access to root (or any other account), you don't have to change the root password (which would inconvenience everyone else); you just need to revoke that user's sudo access.

Allow Only the "wheel" Group to run su

Uncomment the appropriate line in /etc/pam.d/su:

auth           required        pam_wheel.so use_uid
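
One way to check that the edit above took effect, as an added example that is not part of the wiki page: the function below reads a PAM service file and reports whether an active pam_wheel.so line restricts the service to the group. The function name `wheel_su_status`, its status words and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): report whether a PAM service file
# restricts the service to wheel members via pam_wheel.so.
# Prints: enforced | not-enforcing | commented | absent

wheel_su_status() {
    # $1: PAM service file to audit (the page edits /etc/pam.d/su)
    awk '
        # Active auth line loading pam_wheel.so (bare name or full path)
        $1 == "auth" && ($3 == "pam_wheel.so" || $3 ~ /\/pam_wheel\.so$/) {
            inverted = 0
            # The "deny" option reverses the check, so it does not
            # restrict the service to wheel members
            for (i = 4; i <= NF; i++)
                if ($i == "deny") inverted = 1
            # Only required/requisite block non-members; a "sufficient"
            # line grants access to members without denying anyone else
            if (($2 == "required" || $2 == "requisite") && !inverted)
                enforced = 1
            else
                other = 1
            next
        }
        # Still commented out, i.e. the edit has not been made
        /^[ \t]*#/ && /pam_wheel\.so/ { commented = 1 }
        END {
            if (enforced)       print "enforced"
            else if (other)     print "not-enforcing"
            else if (commented) print "commented"
            else                print "absent"
        }
    ' "$1"
}

# Constructed sample input: the restriction line is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
#auth           required        pam_wheel.so use_uid
auth            required        pam_unix.so
EOF
wheel_su_status "$sample"    # prints: commented
rm -f "$sample"
```

On a real system, pass /etc/pam.d/su as the argument; control values written in the bracketed `[value=action]` form are not interpreted and count as not-enforcing.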