What is the difference between "su -" and "su" ?

The main difference between su - and su is that the former makes the shell a login shell. This is very important especially if the user is going to su from a regular user account to a root (superuser) account. Normal users do not usually have /sbin/ and /usr/sbin/ in their search path. Therefore if a normal user wants to execute the command ifconfig, for example, after doing su, he usually gets the error message:

bash: ifconfig: command not found

With su -, on the other hand, root's .bashrc and .bash_profile and other special environment settings get sourced and this puts the sbin directories into the search path. Below is a sample session:

[testuser@localhost ~]$ su
Password:
[root@localhost testuser]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/testuser/bin
[root@localhost testuser]# ifconfig
bash: ifconfig: command not found
[root@localhost testuser]# exit
exit
[testuser@localhost ~]$ su -
Password:
[root@localhost ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:CC:39:75:41
inet addr:192.168.44.146 Bcast:172.16.45.255 Mask:255.255.254.0
inet6 addr: fe80::2a0:ccff:fe39:7541/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21619559 errors:1 dropped:0 overruns:0 frame:87
TX packets:21190195 errors:4 dropped:0 overruns:4 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1509569968 (1.4 GiB) TX bytes:2280347397 (2.1 GiB)
Interrupt:177 Base address:0x6800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6159 errors:0 dropped:0 overruns:0 frame:0
TX packets:6159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3784618 (3.6 MiB) TX bytes:3784618 (3.6 MiB)