One can also use the "su" command doing something like "su fred" to become fred, which has the advantage of keeping you in the same directory as you were before the "su" command. "login" will cause you to go to the home directory of the account you are logging into.

I think that "su" stands for "set user" or something like that. I also think that for many unix systems "su root" is commonly used to get superuser privledges, but since Mac OS X doesn't have a "root" account by default, the "sudo" command is generally used to execute one command as superuser or "sudo tcsh" to get a login shell as superuser.

(Does the "preview" count as a comment submission? The system is asking me to wait for 60 seconds before hitting the "submit" button.)

Thanks for the tip on su. I just tried it and it is better than login for two very good reasons:

1) It does keep you at the same directory
2) It still lets you use the tcsh history. When I used login to change the user, I was not able to use my shell history any more.

Chris

The same effect can be duplicated by using su, which stands for "substitute user."

gee, and all those years I've been playing with linux i thought su meant SuperUser.

Now, suddenly it's got a new term definition (2 of 'em!)

Why doesn't anyone tell me about these things?

You may have been using Linux for years, but you've never tried to su to a normal user account
from either root or any normal user account? This is why the "accepted" definition (I know, it's
in the manpage) of calling it SuperUser isn't always accepted among oldguard unix geeks. It was
introduced to me as Switch User. Entering any name works of course, but none will default to
the root account. BSD way of things is better IMHO, and has been sudo for some time now (and
I am aware that Linux has been including it as well for a few years too).

yes that works but you should geet out of the habit.
use command sudo instead. sudo has two major advantages
first it is temporary and your priviledges will time out if you dont use them, which is plus for security. not to mention avoiding disasterously stupid mistakes (real sys admins know they should avoid being root except when required for just this reason.)
second it records your actions in a logfile. you can go back later and see what you did to yourself!
sudo is also polite in that it wont keep asking you for your password after the first occurence within the timeout period.
if you want to enter sudo mode but for longer than a single command then try
sudo su
or
sudo tsch

Just a precision with sudo: you cannot use sudo if your account is not listed in the sudoers file, which is the case for non-admin accounts. In this case, first use su to login as an admin user (admin users are listed in the sudoers file), then you can use sudo.

you may not realize this, but there is nothing magical about an admin account over non-admin accounts other than the ability to run the sudo command.

there are only two kinds of accounts in unix. root and not-root.

an account in group admin merely has the ability to run sudo.

any account can run su ; it's only requirement is the root password.

regards,

-mt

"any account can run su ; it's only requirement is the root password."

I'm not sure this is completely accurate. I believe the user must be in /etc/sudoers to be able to use su. At least that was how it used to be.
I haven't checked lately.

Tim

If you try to su while logged in as non-admin, it will tell you that you have to be in the group closest to root, "wheel," in order to su. And you do have to be in the special sudo file in order to sudo.

there is more to the admin account than the ability to use sudo. it does, after all, add your username to the group "admin" as well. so if a file is owned by someowner:admin, with rw privileges for owner and group, but not for everyone, then an admin user could access this file while a non-admin user could not access this file (they would, by default, be a member of group "staff", not "admin"). if everyone was admin (i.e. there were no non-admin accounts) then this distinction would be eliminated even though it has nothing to do with the ability to obtain root privileges.

this type of grouping may be unimportant to some, but if you have certain data on the system that is appropriate for the privileged eyes of an admin, but not a regular user, then this is one example where it is important to distinguish between admin and non-admin accounts, not just between root and non-root.

duh, there's more to OS X than Terminal.app. Admin's can change stuff in the gui tools like System Preferences.