Starting a “login shell” or “interactive shell” using the switch user (su) command in CentOS/RHEL 7

There are 2 types of bash sessions that you can create:

  • interactive shell – This is a generic bash session without any user specific customisations. The key thing here is that the ~/.bashrc script gets executed behind the scenes every time this interactive shell is initialised
  • login shell – This is a bash session with user specific customisations loaded in. This is the default bash session type when we create an ssh session. The key thing here is that the ~/.bash_profile script gets executed behind the scenes every time this login shell is created. This script is what does the user specific customisation. This script also sources the ~/.bashrc script. The /etc/profile is also executed as part of a login shell’s initialisation
  • .

So basically the main difference between interactive and login shell is whether or not both the ~/.bash_profile and /etc/profile has been executed. Here’s an example of what this file looks like:

$ cat /root/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
	. ~/.bashrc

# User specific environment and startup programs


export PATH

Here is a summary of the main files relating to shell types:

       The system-wide initialization file, executed for login shells
       The personal initialization file, executed for login shells
       The individual per-interactive-shell startup file
       The individual login shell cleanup file, executed when a login shell exits

All the following let’s you switch user, and switch into a login shell:

  • su - {username}
  • su -l {username}
  • su --login {username}

You can omit {username}, in which case the “su” command will use the default username, which is “root”. If you want to su into an interactive shell, you do:

$ su {username}

Once again, you can omit {username} to imply the root user. In most cases you would log in using login shells.

On the job tip: as part of troubleshooting, you might want to switch to a service account, which are indicated as being nologin account:

$ cat /etc/passwd | grep nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin

But this will fail if you try:

$ su - postfix
This account is currently not available.

However you can override this by using the (s)hell option:

$ su - postfix -s /bin/bash

Also see: interactive and login shells