Q: If you're the administrator on a Linux or Unix system and you want to help a user look after some of the files and directories, or run applications, under their own account, what's the best login to use?

A: You should be logged in as if you were the user him/herself

Q: Why?

A: Because you want the ownerships of any file system objects you create, and processes, and any logs to be assigned back to that user, and you want the environment (PATH etc) to be the one that the user would be using as well.

Q: Does this mean I have to ask the user to give me his / her password then?

A: No. certainly not. Here's what you should do:

a) Log in as normal through YOUR OWN user account

b) Use the command su - to become the administrator ... and, yes, you need the root password to do this

c) Then use the command su - george to become the user george. You will NOT be asked for George's password, since the administrator can "su" to any other account without giving one - he/she has already logged in and gained sufficient authority via the root account.

Q: Is that real a minus sign after the su command? Is it needed?

A: Yes, it is, yes it is. It tells the su command to set up a new environment for you using the settings for the user that you're about to become. Without it, you'll be running with your original users environment, but with the new user's authorities. Occasionally that's convenient if you have a lot of aliases but it can leave some huge security loopholes and it means that you won't be seeing the system in the same way the user will, meaning that you won't (for example) be able to exactly reproduce any problems that he's calling for support on.
(written 2006-04-13, updated 2006-06-05)

 A161 - Web Application Deployment - Users and Groups
  [409] Functions and commands with dangerous names - (2005-08-11)
  [431] File permissions of Linux and Unix systems - (2005-08-31)
  [1592] Setting up a new user - Linux or Unix - (2008-03-26)
  [1619] User and Group settings for Apache httpd web server - (2008-04-22)
  [1650] Looking for files with certain characteristics (Linux / Unix) - (2008-05-22)
  [1773] The Longest Possible Day - (2008-08-26)
  [1902] sstrwxrwxrwx - Unix and Linux file permissions - (2008-11-23)
  [1904] Ruby, Perl, Linux, MySQL - some training notes - (2008-11-23)
  [2103] Ask the Tutor - Open Source forum - (2009-03-25)
  [2117] Choosing a railway station fairly in PHP - (2009-04-04)
  [2203] Always use su with minus. And where do programs come from? - (2009-05-27)
  [2301] Mistaken identity? - (2009-07-22)
  [2491] Root is root for a reason! - (2009-11-03)
  [2639] su or su - ... what is the difference? - (2010-02-17)
  [4045] Linux Web Server - User Roles, User Accounts, and shared administration - (2013-03-16)

Back to Iran has enriched uranium ...

Previous and next or Horse's mouth home

Forward to Staying in the country

Presentation, Business and Persistence layers in Perl and PHP
Name Services - telling your LDAP from your DNS
A couple of days away
Staying in the country
Supporting users on Linux and Unix
Iran has enriched uranium ...
Mirroring a dynamic site
Letter Boxes
More or less on the edge of the page
Why are maps rarely to scale?