su: switch user
su [options] [username]
Two of the more important options:
-, -l, --login make the shell a login shell
-m, -p do not reset environment variables, and keep the same shell
Usage:
Many commands can only be run as the root user so to run these commands we need to become "root". To do this, we can use the su command (substitute user). The su command takes the following format:
su - <user>
or
su <user>
but most commonly we will use su to become the root user:
su - root
or
su root
If no username is specified, then the root user is assumed, so the above is often shortened to:
su -
or
su
but the two commands above behave differently. 'su <user>' gives the current user the identity of <user> whereas 'su - <user>' gives the current user the identity of <user> together with <user>'s environment that would be obtained by logging in as <user>.
Often a user will become root using just 'su', try to run a command (e.g., ifconfig), and get a 'command not found' error. For example:
su
Password:
ifconfig
bash: ifconfig: command not found
The reason is that regular system users and the root user have different PATH environment variables. When you type a Linux command, the shell will search the user's PATH to try to locate the command to run. It starts searching each directory on the PATH until a match is found.
Often when a person reports a problem, in IRC or otherwise, they are referred to this page. In debugging WHY a given binary cannot be seen, it is helpful to view the currently effective PATH with: echo $PATH
Commands for regular users are mostly located in /usr/bin and /bin, and occasionally in /usr/local/bin -- the /usr/local/* path prefix is not used for packaging by default upstream. However, root commands are mostly located in /usr/sbin and /sbin, and occasionally in /usr/local/sbin. As such, root's PATH reflects this.
When you become root by using 'su -', you also adopt root's PATH, whereas using just 'su' retains the original user's PATH. This is why becoming root using just 'su' and trying to run a command located in /usr/local/sbin, /usr/sbin, or /sbin results in a 'command not found' error.
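The PATH check described above can be scripted. The following is an added example, not code from the original page; the function names and the optional ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): explain a 'command not found'
# seen after plain 'su' by comparing a PATH string with the sbin directories.

# Directories the text above names as the usual home of root's commands.
SBIN_DIRS="/usr/local/sbin /usr/sbin /sbin"

# path_has_dir PATHSTRING DIR: succeed if DIR is an exact entry of PATHSTRING.
# Wrapping both sides in ':' stops /usr/sbin from matching /usr/sbin-old.
path_has_dir() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_sbin_dirs PATHSTRING: print the sbin directories not on PATHSTRING.
missing_sbin_dirs() {
    out=""
    for d in $SBIN_DIRS; do
        path_has_dir "$1" "$d" || out="${out:+$out }$d"
    done
    printf '%s\n' "$out"
}

# locate_off_path PATHSTRING CMD [ROOT]: print where CMD lives if it sits in
# an sbin directory that PATHSTRING does not search. ROOT is a hypothetical
# optional prefix so the lookup can be pointed at a test tree.
locate_off_path() {
    for d in $(missing_sbin_dirs "$1"); do
        if [ -x "${3:-}$d/$2" ]; then
            printf '%s\n' "$d/$2"
            return 0
        fi
    done
    return 1
}

# Diagnose the shell this script runs in, using the page's ifconfig example.
missing=$(missing_sbin_dirs "$PATH")
if [ -n "$missing" ]; then
    echo "PATH does not search: $missing"
    locate_off_path "$PATH" ifconfig || echo "ifconfig is not in those directories"
else
    echo "PATH already searches /usr/local/sbin, /usr/sbin and /sbin"
fi
```

If the script reports a missing directory that holds the command, the shell was most likely started with plain 'su' rather than 'su -'.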
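From this we can see that su is generally used to switch between a regular user and the superuser, and that the difference between using "-" and omitting it is whether the environment variables change (PATH is only one of them, and the one that most often needs checking).
For example: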
lejiang@ubuntu:~$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
lejiang@ubuntu:~$ su
Password: (the root password is required)
root@ubuntu:/home/lejiang# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
root@ubuntu:/home/lejiang# su lejiang
lejiang@ubuntu:~$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
lejiang@ubuntu:~$ sudo su -   (only the regular user's own password is needed, but that user must have permission to run sudo su)
[sudo] password for lejiang:
root@ubuntu:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
root@ubuntu:~# su - lejiang
lejiang@ubuntu:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
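Also, regarding su and sudo:
(1) Switching to root with su certainly makes administration convenient: hand the root password to any regular user and they can switch to root and carry out all system administration work. But switching to root via su also introduces a security risk. If several users on the system need superuser privileges and the administrator wants them to switch to root with su, every one of them must be told the root password; and once they have root privileges they can do anything with them, which to some extent threatens the security of the system, because a single serious mistake by any one of them can crash the system or cause data loss.
So su is only suitable for systems administered by one or two people, since su cannot give a regular user restricted access.
(2) Because su places no limits on privileges once a user has switched to root, su is not suited to systems managed by several administrators. If su is used to switch to the superuser for administration, it is also impossible to tell which administrator performed which operation. Especially when several people take part in managing a server, it is best to delegate privileges selectively according to each administrator's expertise and area of responsibility, and to agree on which tools they use for their work; this is where sudo becomes necessary. With sudo, specific superuser privileges can be delegated selectively without regular users needing to know the root password, so sudo is comparatively safer, and sudo can therefore be called a restricted su.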