SU(1) BSD Reference Manual SU(1)NAMEsu - substitute user identity
SYNOPSISsu [-fKlm] [-a auth-type] [-c login-class] [login [argument ...]]
DESCRIPTION
Su requests the Kerberos password for login (or for ``login.root'', if no
login is provided), and switches to that user and group ID after obtain-
ing a Kerberos ticket granting ticket. A shell is then executed. Su
will resort to the local password file to find the password for login if
there is a Kerberos error, or if the system is not configured for Ker-
beros. If su is executed by root, no password is requested and a shell
with the appropriate user ID is executed; no additional Kerberos tickets
are obtained.
By default, the environment is unmodified with the exception of USER,
LOGNAME, HOME, and SHELL. HOME and SHELL are set to the target login's
default values. USER and LOGNAME are set to the target login, unless the
target login has a user ID of 0 and the -l flag was not specified, in
which case it is unmodified. The invoked shell is the target login's.
This is the traditional behavior of su.
If not using -m and the target login has a user ID of 0 then the PATH
variable and umask value (see umask(2)) are always set according to the
/etc/login.conf file (see login.conf(5)).
The options are as follows:
-a Specify an authentication type.
-c Specify a login class. You may only override the default class
if you're already root.
-f If the invoked shell is csh(1), this option prevents it from
reading the ``.cshrc'' file. (The [f] option may be passed as a
shell argument after the login name, so this option is redundant
and obsolescent.)
-K Do not attempt to use Kerberos to authenticate the user.
-l Simulate a full login. The environment is discarded except for
HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME and SHELL are
modified as above. USER and LOGNAME are set to the target login.
PATH is set to the path specified in the /etc/login.conf file.
TERM is imported from your current environment. The invoked
shell is the target login's, and su will change directory to the
target login's home directory.
-m Leave the environment unmodified. The invoked shell is your lo-
gin shell, and no directory changes are made. As a security pre-
caution, if the target user's shell is a non-standard shell (as
defined by getusershell(3)) and the caller's real uid is non-ze-
ro, su will fail.
The -l and -m options are mutually exclusive; the last one specified
overrides any previous ones.
Any arguments after the login name are passed to the shell. This feature
may be used to execute commands as another user without starting up an
interactive shell, which may be especially useful in the rc(8) script.
Only users in group 0 (normally ``wheel'') can su to ``root''.
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to ``#'' to remind one of its awesome power.
EXAMPLESsu daemon /usr/contrib/lib/shell-script arguments
su news -c 'cd /var/spool/news; du -s * | mail usenet'
SEE ALSOcsh(1), kerberos(1), kinit(1), setusercontext(3), group(5),
login.conf(5), passwd(5), environ(7), login(8), sh(1)ENVIRONMENT
Environment variables used by su:
HOME Default home directory of real user ID unless modified as specified
above.
LOGNAME
Same as USER.
PATH Default search path of real user ID unless modified as specified
above.
TERM Provides terminal type which may be retained for the substituted
user ID.
USER The user ID is always the effective ID (the target user ID) after
an su unless the user ID is 0 (root) and the -l flag was not speci-
fied.
HISTORY
A su command appeared in Version 7 AT&T UNIX.
BUGS
There is no direct way to force a particular shell to be used.
The login name is not optional for root if there are shell arguments.
BSDI BSD/OS April 18, 1994 2