Switching between users
Now that we have several users on our system, we need to know how to switch between them. Of course, you can always just log in to the server as one of the users, but you can actually switch to any user account at any time providing you either know that user's password or have root access.
The command you will use to switch from one user to another is the su command. If you enter su with no options, it will assume that you want to switch to root and will ask you for your root password. As I mentioned earlier, Ubuntu locks out the root account by default, so you really don't have a root password. Unlocking the root account is actually really simple; all you have to do is create a root password. To do that, you can execute the following command as any user with sudo access:
sudo passwd
The command will ask you to create and confirm your root password. From this point on, you will be able to use the root account as any other account. You can log in as root, switch to root; it's fully available now. You really don't have to unlock the root account in order to use it. You certainly can, but there are other ways to switch to root without unlocking it, and it's typically better to leave the root account locked unless you have a very specific reason to unlock it. Either of the following commands will allow you to switch to root from a user account that has sudo access:
sudo su sudo -s
Now you'll be logged in as root and able to execute any command you want with no restrictions whatsoever. To return to your previous logged-in account, simply type exit. You can tell which user you're logged in as by the value at the beginning of your bash prompt.
But what if you want to switch to an account other than root? Of course, you can simply log out and then log in as that user. But you really don't have to do that. The following command will do the job, providing you know the password for the account.
su - <username>
The shell will ask for that user's password and then you'll be logged in as that user. Again, type exit when you're done using the account. That command is all well and good if you know the user's password, but you often won't. Typically in an enterprise, you'll create an account, force the user to change their password at first log in, and then you will no longer know that user's password. Since you have root and sudo access, you could always change their password and then log in as them. But they'll know something is amiss if their password suddenly stops working—you're not eavesdropping, are you?
Armed with sudo access, you can use sudo to change to any user you want to, even if you don't know their password. Just prefix our previous command with sudo and you'll only need to enter the password for your user account, instead of theirs:
sudo su - <username>
Switching to another user account is often very helpful for support (especially while troubleshooting permissions). As an example, say that a user comes to you complaining that he or she cannot access the contents of a specific directory, or they are unable to run a command. In that case, you can log in to the server, switch to their user account, and try to reproduce their problem. That way, you can not only see their problem yourself, but you can also test out whether or not your fix has solved their issue before you report back to them.