Running `# su - oliver --command bash` gives a shell but also prints the warning `bash: no job control in this shell`, and indeed Ctrl+Z and `fg`/`bg` don't work in that shell.

Running `# su - oliver --session-command bash` gives a shell without printing the warning, and job control indeed works.

The suggestion to use `--session-command` comes from Starting a shell from scripts using su results in "no job control in this shell", which states "[a security fix for su] changed the behavior of the -c option and disables job control inside the called shell".

But I still don't quite understand this. When should one use `--command` and when should one use `--session-command`? Is `--command` (aka `-c`) more secure? Or should one always use `--session-command`, and `--command` is just left in for backwards compatibility?
FWIW, I'm using RHEL 6.4.
Generally, you should prefer `--command` (`-c`) to `--session-command`. You should not be using `-c` with interactive shells (maybe you wanted `--shell /bin/bash`?), but you should be using it with background processes.

`--session-command` does not call setsid() to allocate a new session (which has the effect, as you found, of allowing the continued use of the controlling tty, and thus bash will give you process control, being an interactive shell). This means its children can be assigned to any process group of the parent session, perhaps the session's foreground process group, or to avoid killpg() or other classification based on process group id. It also retains the ability to send SIGCONT to any process in the session, though I'm not sure how abusable that is.
Considering `--session-command` isn't on the man page of any major distro that I've heard of, it's likely a custom RHEL thing (Google didn't help either).

`-c` makes `su` execute the command you specify using whatever shell is defined in `/etc/passwd` for the specified user. This makes it much like `sudo`, but as whatever user you select and know the password for. `-c` does not give an interactive shell, so anything requiring a tty will not work. I've also found that using `-c` does not create a tty: