Changing the Home Directory and Environmental Variables
The default behavior of su is to maintain the current directory and the environmental variables of the original user (rather than switch to those of the new user). Although the shell account likewise remains that of the original user, any new, unprivileged user (i.e., users other than root and others with some system privileges) does not gain automatic access to the directories or files of the former owner of the session.
Environmental variables are a class of variables that tell the shell how to behave as a user works at the command line (i.e., all-text mode) or in shell scripts (i.e., programs written in shell programming languages). They can be, and often are, set differently for each user.
The single most important environmental variable is PATH. When a user types in a command at the command line, the shell searches through all directories listed in PATH until it finds a program with that name. It is important to keep in mind the fact that there are different PATH settings for ordinary users and root.
The contents of the PATH file for the owner of the current session can be seen by issuing the following command:
echo $PATH
For ordinary users PATH is usually something like /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/username/bin: For root it generally resembles /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin.
Thus, if there is an executable (i.e., a runnable program) in the directory /usr/local/bin, root will have to supply the full path in order to run that application, otherwise the shell will just return the error message command not found. The full path is the name of the command or program preceded by its path from the root directory (which is represented by a forward slash and which should not be confused with /root, the root user's home directory). An ordinary user would only need to type the name of the command or program in such case, and not its full path, because /user/local/bin is in the user's PATH.
It sometimes can be advantageous for a system administrator to use the shell account of an ordinary user rather than its own. In particular, occasionally the most efficient way to solve a user's problem is to log into that user's account in order to reproduce or debug the problem.
However, in many situations it is not desirable, or it can even be dangerous, for the root user to be operating from an ordinary user's shell account and with that account's environmental variables rather than from its own. While inadvertently using an ordinary user's shell account, root could install a program or make other changes to the system that would not have the same result as if they were made while using the root account. For instance, a program could be installed that could give the ordinary user power to accidentally damage the system or gain unauthorized access to certain data.
Thus, it is advisable that administrative users, as well as any other users that are authorized to use su (of which there should be very few, if any), acquire the habit of always following the su command with a space and then a hyphen. The hyphen has two effects: (1) it switches the current directory to the home directory of the new user (e.g., to /root in the case of the root user) and (2) it changes the environmental variables to those of the new user. That is, if the first argument to su is a hyphen, the current directory and environment will be changed to what would be expected if the new user had actually logged on to a new session (rather than just taking over an existing session).
Thus, administrators should generally use su as follows:
su -
An identical result is produced by adding the username root, i.e.,
su - root
Likewise, the same can be done for any other user, e.g., for a user named bob:
su - bob
An argument, also called a command line argument, is a file or other information that is provided to a command in order for that command to use it as an input. Arguments used with su can include the hyphen and a username as well as arguments for commands that are used with su.