Reference 4.4 Manage macOS from the CLI
In this section, you look at commands that enable you to access items normally restricted by file-system permissions.
Use the su (substitute user identity or super user) command to switch to another user account. Enter su, followed by the short name of the user you want to switch to, and enter the account password. The password won’t display. The command prompt changes, indicating that you have the access privileges of a different user. Enter who -m to verify your currently logged-in identity. You remain logged in as the substitute user until you quit Terminal or enter the exit command. In the following example, Joan uses the su command to change her shell to Johnny’s account, and then she will exit back to her account:
joan@MyMac ~ % who -m joan ttys001 Aug 20 14:06 joan@MyMac ~ % su johnny Password: johnny@MyMac ~ % who -m johnny ttys001 Aug 20 14:06 johnny@MyMac ~ % exit exit joan@MyMac ~ % who -m joan ttys001 Aug 20 14:06
Use sudo
Precede a command with sudo (substitute user do) to tell macOS to run the command using root account access. You must have an administrator user account to use sudo. sudo works even when the root user account is disabled in the graphical interface. Be careful with sudo and limit access to it.
System Integrity Protection (SIP) prevents changes to parts of macOS, even for the root user. Read Reference 15.2, “System Integrity Protection,” for more information about the specific resources that are protected.
If, as an administrator user, you need to execute more than one command with root account access, you can temporarily switch the entire command-line shell to have root-level access. Enter sudo -s and your password to switch the shell to root access. You remain logged in as the root user until you quit Terminal or enter the exit command.