We can switch between users through the su and sudo commands. Also, we can use these two commands to perform certain command operations with the privileges of other users.

su

Here are two arguments for mesg command:

Stay on the Current Working Directory After Switching User

By default, the su command replaces the current user with the root user.

1
2
3
4
5

whoami
pwd
su    # This is equivalent to su root
pwd
whoami

When we replace root with user, we don’t need to enter a password.

Change Current Working Directory to the Switched User Home Directory

With the - or -l or -login option, we can use the new current user’s home directory as the working directory after replacing the user:

1
2
3
4
5

whoami
pwd
su -    # This is equivalent to su -l or su --login
pwd
whoami

sudo

Edit Sudoers File

Locked Before Editing

A more rigorous approach, which locks the /etc/sudoers file and then opens it:

1

visudo    # After marking as occupied, open the /etc/sudoers file through the vi editor

At this point, if a user logged in via another terminal also wants to edit the / etc/sudoers file via visudo, the following alert will appear:

Naked Editing

One less rigorous approach is to open the /etc/sudoers file directly and others can edit it at the same time:

1

vi /etc/sudoers

Editing the Content

1
2

# 1. Safely open the /etc/sudoers file through visudo command
visudo

1
2

# 2. Paste this line of setting in that file
usropt ALL=(root) PASSWD:/usr/sbin/userdel,/usr/sbin/usermod, NOPASSWD:/usr/sbin/useradd

1
2
3

# 3. Let's create a user with the same name as the configuration
useradd usropt
echo "opt123" | passwd --stdin usropt    # Set password to opt123

Run the Command as Another User

Let’s replace the current user with the newly created user:

1
2

su - usropt
useradd

We need to use the sudo command to run the administrator’s command:

1

sudo useradd

When configured, if the command is assigned under passwd, you need to enter the user’s password when using the command to prevent malicious abuse of account permissions by others:

1

sudo userdel    # Needs to provide the current user's password

Alias

We can subdivide each as a part through alias:

1
2

su -    # Replace the current user with root
visudo    # Open the /etc/sudoers file again

1
2
3
4
5
6
7

# Replace the previous setting with below settings
User_Alias USROPT = usropt
Host_Alias USROPTHOST = ALL
Runas_Alias USROPTRUNAS = root
Cmd_Alias USROPTCMDNOPIN = /usr/sbin/useradd
Cmd_Alias USROPTCMDPIN = /usr/sbin/usermod,/usr/sbin/userdel,!/usr/bin/passwd root,/usr/bin/passwd [A-Za-z]*
USROPT USROPTHOST=(USRRUNAS) PASSWD:USROPTCMDPIN,NOPASSWD:USROPTCMDNOPIN

wheel group

We can configure a user’s privileges the same as root through the wheel group:

1
2

su -    # Replace the current user with root
visudo    # Open the /etc/sudoers file again

1

%wheel ALL=(ALL) ALL

Create a new user to append a wheel supplementary group to that user:

1
2
3
4
5
6

useradd wheelopt
echo "opt123" | passwd --stdin wheelopt    # Set password to opt123
usermod -a -G wheel wheelopt    # Append wheel to user's supplementary group
su - wheelopt
id
sudo useradd    # Needs to provide the current user's password

References 22.5 su: Run a command with substitute user and group id, SU(1), Sudoers Manual, Visudo 1.8.23 Manual

Buy me a coffee