su Command in Linux: Switch User
When you are logged in as a regular user and a task needs root or a different account, you have two practical options on Linux: switch into that user with su, or run a single command with elevated privileges through sudo. The su utility (short for substitute or switch user) is the older of the two and the one many sysadmins still reach for when they want a full shell as another user.
Using su is the simplest way to switch to the administrative account in the current login session. It is especially handy when the root user is not allowed to log in to the system through SSH
or using the GUI display manager. If you only want to run a single command with elevated privileges, see the sudo command guide
instead.
This guide explains how to use the su command with practical examples and how it compares to sudo.
Syntax
The general syntax for the su command is as follows:
su [OPTIONS] [USER [ARGUMENT...]]When invoked without any option, the default behavior of su is to run an interactive shell as root:
suYou will be prompted to enter the root password, and if authenticated, the user running the command temporarily becomes root.
sudo, which asks for your own password, su requires the password of the target user you are switching to.To confirm that the user is changed, use the whoami command:
whoamirootTo switch to another user account, pass the user name as an argument to su. For example, to switch to the user tyrion you would type:
su tyrionTo start a login shell as another user:
su - tyrionLogin Shell vs Non-Login Shell
When you run su without the - option, the SHELL and HOME environment variables
are set from the target user’s /etc/passwd
entry, but the current directory and the rest of the environment are not changed. This means the PATH variable still contains the original user’s directories.
The most commonly used option when invoking su is - (-l, --login). This starts a login shell with an environment identical to a real login, including changing the current directory
to the target user’s home:
su -In most cases, you want to use su - rather than plain su to get a clean environment.
Options
The su command accepts the following options:
Run a Specific Shell
To run a shell other than the one defined in the passwd file, use the -s, --shell option. For example, to switch to root and run the zsh shell:
su -s /usr/bin/zshPreserve the Environment
To preserve the entire environment (HOME, SHELL, USER, and LOGNAME) of the calling user, use the -p, --preserve-environment option:
su -pWhen the - option is used, -p is ignored.
Run a Single Command
To run a command as the target user without starting an interactive shell, use the -c, --command option. For example, to invoke the ps
command as root:
su -c 'ps aux'To run a command as a specific user:
su -c 'whoami' tyrionThe command string should be quoted if it contains spaces or special characters.
sudo vs su
On some Linux distributions like Ubuntu, the root user account
is disabled by default for security reasons. This means that no password is set for root, and you cannot use su to switch to root.
One option to change to root would be to prepend the su command with sudo and enter the currently logged-in user password:
sudo su -The sudo command allows you to run programs as another user, by default the root user.
If the user is granted sudo access, the su command is invoked as root. Running sudo su - and then typing the user password has the same effect as running su - and typing the root password.
When used with the -i option, sudo runs an interactive login shell with the root user’s environment:
sudo -isudo -i is similar to running su -, but it authenticates through sudo.
The key differences between sudo and su:
- Password:
surequires the target user’s password.sudorequires your own password. - Access control:
sudoallows fine-grained control over which commands a user can run (configured in/etc/sudoers).sugives full access to the target user’s account. - Auditing:
sudologs commands invoked throughsudo.suonly logs that a user switched accounts, and commands run inside the new shell are not logged individually bysu. - Root password:
sudoremoves the need to share the root password among multiple administrators.
Troubleshooting
su: Authentication failure
You typed the wrong password for the target user, or the target account has no password set. On Ubuntu and other distributions where the root account is locked by default, plain su will always fail because no root password exists. Use sudo su - or sudo -i instead, or set a root password with sudo passwd root if you really need direct su access.
su: User <name> does not exist or the user entry does not contain all the required fields
The user account you are switching to is not in /etc/passwd. Double-check the spelling and confirm the account exists with id <name> or getent passwd <name>.
su -c runs the wrong command or splits arguments unexpectedly
The command string is being parsed by your current shell before su sees it. Wrap the whole command in single quotes, for example su -c 'systemctl restart nginx', so the target user’s shell receives it as a single argument.
Cannot exit back to the original user
The exit command (or pressing Ctrl+D) leaves the current shell. If su was nested several times, you may need to run exit more than once before you are back in your original session.
Quick Reference
| Task | Command |
|---|---|
| Switch to root | su |
| Switch to root (login shell) | su - |
| Switch to another user | su username |
| Run a command as root | su -c 'command' |
| Use a specific shell | su -s /bin/zsh |
| Preserve environment | su -p |
| Switch to root via sudo | sudo su - |
| Sudo login shell | sudo -i |
FAQ
What is the difference between su and su -?su switches to the target user but keeps most of the current environment, including PATH and the working directory. su - starts a full login shell with the target user’s complete environment.
What is the difference between su and sudo?su switches your entire session to another user and requires that user’s password. sudo runs a single command (or opens a shell) with elevated privileges using your own password.
Why does su ask for a password even though I am root?
If you are already root, su does not ask for a password. If it still prompts, you are most likely in a nested shell that only looks like a root shell, for example after a previous sudo -i left an unusual prompt. Run whoami to confirm who you actually are before troubleshooting further.
How do I exit an su session?
Type exit or press Ctrl+D to leave the current shell and return to the previous user. If you ran su more than once in a row, repeat the step until you are back in your original session.
How do I restrict which users can use su?
On most distributions, you can restrict su access to members of the wheel group by configuring PAM. Edit /etc/pam.d/su and uncomment the line containing pam_wheel.so.
Conclusion
The su command lets you switch to another user account and run commands with that user’s privileges, which is the right tool when you need a full interactive shell as another user. For everyday administrative work, sudo is usually the better choice thanks to its access control and auditing, so consider pairing this guide with the sudo command in Linux
post.
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page