From 7514d0948c0c14957708a2f0d8080396fd4b181b Mon Sep 17 00:00:00 2001 From: koalaman Date: Tue, 8 Jul 2014 14:22:37 -0700 Subject: [PATCH] Created SC2117 (markdown) --- SC2117.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 SC2117.md diff --git a/SC2117.md b/SC2117.md new file mode 100644 index 0000000..e230015 --- /dev/null +++ b/SC2117.md @@ -0,0 +1,25 @@ +## To run commands as another user, use su -c or sudo. + +### Problematic code: + + whoami + su + whoami + +### Correct code: + + whoami + sudo whoami + +### Rationale: + +It's commonly believed that `su` makes a session run as another user. In reality, it starts an entirely new shell, independent of the one currently running your script. + +`su; whoami` will start a root shell and wait for it to exit before running `whoami`. It will not start a root shell and then proceed to run `whoami` in it. + +To run commands as another user, use `sudo some command` or `su -c 'some command'`. `sudo` is preferred when available, as it doesn't require additional quoting and can be configured to run passwordless if desired. + + +### Contraindications + +If you're aware of the above and want to e.g. start an interactive shell for a user, feel free to ignore this message. \ No newline at end of file
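Review bot: The "Correct code" section shows only `sudo whoami`, although the title and the last rationale paragraph both offer `su -c` as an equal alternative; add a second line such as `su -c 'whoami'` so readers on systems without sudo see the quoting the rationale mentions. The rationale's note that sudo "can be configured to run passwordless if desired" would be safer with a clause saying such a rule should be limited to the specific commands the script needs. Two style points: "### Contraindications" lacks the trailing colon that the other three section headings carry, and the file ends without a final newline.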