From Gentoo Wiki
Jump to:navigation Jump to:search


The su (substitute user) command can be used to adopt the privileges of other users from the system.

The command is provided by the util-linux package, that has the su USE flag enabled by default. The su command is also available with sys-apps/shadow, that also has a su USE flag. Avoid installing both these commands simultaneously.


user $su --help
 su [options] [-] [<user> [<argument>...]]

Change the effective user ID and group ID to that of <user>.
A mere - implies -l.  If <user> is not given, root is assumed.

 -m, -p, --preserve-environment      do not reset environment variables
 -w, --whitelist-environment <list>  don't reset specified variables

 -g, --group <group>             specify the primary group
 -G, --supp-group <group>        specify a supplemental group

 -, -l, --login                  make the shell a login shell
 -c, --command <command>         pass a single command to the shell with -c
 --session-command <command>     pass a single command to the shell with -c
                                   and do not create a new session
 -f, --fast                      pass -f to the shell (for csh or tcsh)
 -s, --shell <shell>             run <shell> if /etc/shells allows it
 -P, --pty                       create a new pseudo-terminal

 -h, --help                      display this help
 -V, --version                   display version

For more details see su(1).

Adopt root privileges

su will run commands as root by default. Since not specifying a username will cause su to ask for root privileges, the following command will run as root and halt the system:

user $su -c 'shutdown -h now'
It is best practice to encapsulate the commands following the -c option with either single or double quotes.

Adopt another user's privileges

It is also possible to specify a user other than root to substitute commands. The following example will run the command echo as the user larry:

user $su -c 'echo "Moo to the Gentoo Wiki reader out there!"' larry

See also

  • doas — provides a way to perform commands as another user.
  • sudo — provides a simple and secure way to configure privilege escalation