RED HAT ENTERPRISE LINUX
Login and User
Switching
Log in and switch users in multi-user targets
CIS126RH | RHEL System Administration 1
Mesa Community College
Production RHEL systems run in multi-user mode and are shared among many accounts. Every administrator must know how to log in at the console and over the network, how to switch between user accounts without logging out, and how to run commands with elevated privilege. Understanding systemd targets explains what services are running and which login methods are available. These skills are tested on the RHCSA exam.
Learning Objectives
- Describe systemd targets and multi-user mode — Explain what targets are, identify the common targets, and relate them to classic runlevels
- Log in at the console and over the network — Use virtual consoles, graphical login, and SSH to open sessions on a running system
- Switch users with su and sudo — Open a shell as another user and run individual commands with elevated privilege
- Manage and inspect active sessions — View who is logged in, what they are running, and how to end a session cleanly
What is a systemd Target?
A target is a systemd unit that groups other units together to bring the system to a well-defined state. Targets replace the classic SysV runlevels.
| Target | Old runlevel | Description |
|---|---|---|
poweroff.target |
0 | Halt and power off the system |
rescue.target |
1 | Single-user mode — minimal services, root only |
multi-user.target |
3 | Multi-user, network enabled, no graphical interface |
graphical.target |
5 | Multi-user with a graphical login screen |
reboot.target |
6 | Shut down and reboot |
Servers rarely need a graphical interface. multi-user.target starts
networking and all configured services without the overhead of a display manager.
Viewing and Changing Targets
Check the Current Target
# Show the currently active default target
$ systemctl get-default
multi-user.target
# List all active units of type target
$ systemctl list-units --type=targetChange the Default Target
# Set the system to boot into graphical mode by default
$ sudo systemctl set-default graphical.target
# Set the system to boot into text (multi-user) mode by default
$ sudo systemctl set-default multi-user.targetSwitch Target Without Rebooting
# Move to a different target right now — does not change the default
$ sudo systemctl isolate multi-user.targetKnow systemctl get-default, set-default, and isolate.
The exam may ask you to change the default boot target on a managed node.
Logging In at the Console
Text Console Login (multi-user.target)
When no graphical interface is running, the system presents a text login prompt on the active virtual console.
servera login: student
Password:
Last login: Mon May 25 09:00:00 2026
[student@servera ~]$Virtual Consoles
- RHEL provides up to six virtual consoles, switched with Ctrl+Alt+F1 through F6
- Each console supports an independent login session
- Multiple users — or the same user multiple times — can be logged in simultaneously
- Virtual consoles remain available even if the network is down
Always have console access as a fallback. If SSH fails or a firewall rule locks you out remotely, the physical or virtual console is how you recover.
Graphical Login
When graphical.target is active, the system starts GDM — the GNOME Display
Manager — which presents a graphical login screen.
- Select a user and enter the password to start a GNOME desktop session
- Open a terminal inside GNOME to reach a bash shell: Activities → search "terminal", or right-click the desktop
- Switch to a text virtual console with Ctrl+Alt+F2 through F6 while GNOME runs on F1
- Log out of GNOME: top-right menu → your username → Log Out
Checking Which Display Manager is Running
$ systemctl status gdm
● gdm.service - GNOME Display Manager
Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled)
Active: active (running)graphical.target pulls in multi-user.target as a dependency —
everything available in text mode is also available in graphical mode.
GDM is simply added on top.
Who is Logged In?
Several commands show the current users and sessions on a system.
# Brief list of logged-in users
$ who
student tty2 2026-05-25 09:00 (:0)
student pts/0 2026-05-25 09:05 (192.168.1.5)
admin pts/1 2026-05-25 09:10 (192.168.1.8)
# Extended information including idle time and current process
$ w
09:15 up 2 days, 3:42, 3 users, load average: 0.01, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
student tty2 :0 09:00 5:00 bash
student pts/0 192.168.1.5 09:05 0:30 vim /etc/hosts
admin pts/1 192.168.1.8 09:10 2:10 sudo -i
# Show your own identity in the current shell
$ whoami
student
# Show UID, GID, and all group memberships
$ id
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)Switching Users with su
su — substitute user — opens a shell as a different user without
logging out of the current session.
su vs su -
| Command | What changes | What stays the same |
|---|---|---|
su username |
User identity (UID, GID) | Current directory, environment variables from the original user |
su - username |
User identity AND full login environment | Nothing — behaves as if you logged in fresh as that user |
# Switch to root — requires the root password
$ su -
Password:
[root@servera ~]#
# Switch to another regular user
$ su - maria
Password:
[maria@servera ~]$
# Return to the previous user
$ exitUse su - rather than su to get the target user's complete
environment — correct PATH, home directory, and shell configuration. Using
su alone can cause subtle problems when scripts or commands depend on
environment variables.
Running a Single Command with su
The -c option runs one command as the target user and immediately returns
to the original shell — no interactive session is opened.
# Run a single command as root without opening a root shell
$ su -c 'systemctl restart httpd' - root
Password:
# Run a command as another user
$ su -c 'id' - maria
Password:
uid=1001(maria) gid=1001(maria) groups=1001(maria)
# Root can run commands as any user without a password
[root@servera ~]# su -c 'whoami' - maria
mariasu -c requires knowing the target user's password.
sudo uses the caller's own password and a policy file.
On modern RHEL systems, sudo is almost always the preferred approach.
sudo: Controlled Privilege Escalation
sudo — superuser do — runs a command with elevated privilege using
your own password, subject to a policy defined in /etc/sudoers.
Common sudo Patterns
# Run a single command as root
$ sudo systemctl restart sshd
# Open a root login shell
$ sudo -i
[root@servera ~]#
# Open a root shell without a full login environment
$ sudo -s
# Run a command as a specific user other than root
$ sudo -u maria id
uid=1001(maria) gid=1001(maria) groups=1001(maria)
# List what sudo rules apply to you
$ sudo -lOn the exam, the student account has unrestricted sudo access.
Use sudo -i when you have several privileged tasks to complete back to back.
Configuring sudo: /etc/sudoers
The /etc/sudoers file defines who can run what as whom.
Always edit it with visudo — never directly.
# Open sudoers safely — validates syntax before saving
$ sudo visudo
# Grant a user full sudo access (equivalent to root)
student ALL=(ALL) ALL
# Grant a user sudo without a password prompt
student ALL=(ALL) NOPASSWD: ALL
# Grant a group full sudo access — note the % prefix
%wheel ALL=(ALL) ALL
# Add a user to the wheel group to grant sudo via group policy
$ sudo usermod -aG wheel mariaA syntax error in /etc/sudoers locks everyone out of sudo.
visudo checks syntax before saving and prevents this. Never edit the file
with a regular text editor.
sudo vs su: Comparison
| Feature | sudo |
su |
|---|---|---|
| Password required | Your own password (or none with NOPASSWD) | Target user's password (root needs none) |
| Access control | Fine-grained — per command, per host, per target user | All or nothing — full access once authenticated |
| Audit trail | Every command logged to /var/log/secure |
Login logged; individual commands are not |
| Root password needed | No | Yes (to switch to root) |
| Recommended on RHEL 9 | Yes — preferred method | For legacy systems or specific use cases |
Use sudo for individual privileged commands and sudo -i
when you need a root shell for multiple tasks. Reserve su for situations
where sudo is not configured.
runuser: Switching Users in Scripts
runuser runs a command as a different user — designed for use in scripts and
system services where no password prompt is appropriate.
# Run a command as the apache user (from a root context)
[root@servera ~]# runuser -u apache -- id
uid=48(apache) gid=48(apache) groups=48(apache)
# Open a login shell as the postgres user
[root@servera ~]# runuser -l postgres
# Run a script as a service account — common in init scripts
[root@servera ~]# runuser -u tomcat -- /opt/tomcat/bin/startup.sh| Command | Requires password | Typical use |
|---|---|---|
su | Yes (unless root) | Interactive user switching |
sudo | Caller's password (configurable) | Privileged commands with audit trail |
runuser | Never — root only | Scripts and services running as root |
Session Management
loginctl is the systemd tool for inspecting and managing user login sessions.
# List all active login sessions
$ loginctl list-sessions
SESSION UID USER SEAT TTY
1 1000 student seat0 tty2
3 1000 student pts/0
5 1002 admin pts/1
# Show details about a specific session
$ loginctl show-session 3
# List users with active sessions
$ loginctl list-users
# Terminate a session by session ID
$ sudo loginctl terminate-session 5
# Terminate all sessions for a user
$ sudo loginctl terminate-user adminTerminating a session kills all processes in it immediately. Warn users and give them
time to save work before using terminate-session or
terminate-user.
Logging Out and Locking Sessions
Ending a Shell Session
# Log out of the current shell — any of these work
$ exit
$ logout
# Press Ctrl+D to send end-of-inputExiting Nested Shells
# After su - or sudo -i, exit returns to the previous user
[root@servera ~]# exit
logout
[student@servera ~]$ # back to studentLocking the Graphical Screen
# Lock the GNOME screen from the command line
$ loginctl lock-session
# Or use the GNOME keyboard shortcut
# Super+L (Windows key + L)Each exit closes one shell layer. After sudo -i followed by
su - maria, you need two exit calls to return to your
original session. Watch the prompt to confirm which user you are.
Login History: last and lastlog
These commands read the login history databases to show past sessions.
last — Recent Login Sessions
# Show recent logins for all users
$ last
student pts/0 192.168.1.5 Mon May 25 09:05 still logged in
student pts/0 192.168.1.5 Sun May 24 14:00 - 16:30 (02:30)
root tty2 Sun May 24 08:00 - 08:15 (00:15)
reboot system boot Sun May 24 07:58
# Show logins for a specific user
$ last student
# Show reboot history
$ last rebootlastlog — Most Recent Login for Every Account
$ lastlog
Username Port From Latest
root tty2 Sun May 24 08:00
student pts/0 192.168.1.5 Mon May 25 09:05
maria **Never logged in**Knowledge Check
Answer these before moving to the next slide.
- What systemd target corresponds to old runlevel 3, and what does it provide?
- What is the difference between
su mariaandsu - maria? - What command shows the current default boot target?
- You run
sudo -iand thensu - maria. How many times must you typeexitto return to your original session? - Why should you always edit
/etc/sudoerswithvisudo? - What command shows who is currently logged in along with what they are running and how long they have been idle?
Knowledge Check — Answers
multi-user.targetcorresponds to runlevel 3. It provides a fully functional multi-user system with networking and all configured services, but no graphical interface.su mariaswitches to maria's user identity but keeps the current user's environment variables, working directory, and PATH.su - mariagives a full login environment — maria's HOME, PATH, and shell configuration — as if she had logged in directly.systemctl get-default- Two
exitcommands — the first closes the maria shell and returns to the root shell opened bysudo -i; the second closes the root shell and returns to the original student session. - A syntax error in
/etc/sudoerslocks all users out ofsudo.visudovalidates the syntax before saving, preventing the file from being written if there is an error. - The
wcommand shows logged-in users, their terminal, originating host, login time, idle time, and the command currently running in their session.
Key Takeaways
-
Targets define system state.
multi-user.targetis the standard server mode — text login, networking, full services.graphical.targetadds a display manager on top. Usesystemctl get-defaultandset-defaultto inspect and change the boot target. -
Always use
su -, notsu. The dash gives the target user's full login environment — correct HOME, PATH, and shell configuration. Without it, subtle environment problems can break commands and scripts. -
sudois the preferred privilege escalation method. It uses your own password, logs every command to/var/log/secure, and does not require knowing the root password. Usesudo -ifor a root shell. Always edit/etc/sudoerswithvisudo. -
Watch the prompt — always know which user you are.
$means regular user;#means root. After nested shells, eachexitcloses one level. Usewhoamioridto confirm your identity before running any privileged command.
Graded Lab
- Check the current default systemd target on
serverawithsystemctl get-default - Use
whoandwto list currently logged-in users and observe what each session is running - Use
su -to switch to root, confirm withwhoami, thenexitback to the student shell - Use
sudo -ito open a root shell, thensu - studentto switch to the student user — note the three shell levels, then exit each one in turn watching the prompt change - Run
sudo -lto list the sudo rules that apply to your account - Use
lastto view recent login history and identify any reboot events - Use
loginctl list-sessionsto list active sessions and compare the output withwho
"Log in and switch users in multi-user targets." This objective underpins every other privileged task on the exam. Fluent user switching and prompt awareness are essential skills.
Next: Archive, compress, unpack, and uncompressfiles using tar, gzip, and bzip2