DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

su(1M)


su -- become another user

Synopsis

su [-] [name [arg . . .]

Description

su allows one to become another user without logging off. The default user name is root.

To use su, the appropriate password for the login name specified must be supplied (unless one is already root). The default password validation behavior can be altered via the PROMPT default parameter found in /etc/default/su.

Upon successful execution, su will execute a new shell with the real and effective user and group IDs and supplementary group list set to that of the specified user. The new shell will be the optional program named in the shell field of the specified user's password file entry (see passwd(4)) or /usr/bin/sh if none is specified (see sh(1)).

To restore the normal user ID environment, type an EOF character (<Ctrl><D>) to the new shell.

Any additional arguments given on the command line are passed to the program invoked as the shell. When using programs such as sh, an arg of the form:

-c string

executes string via the shell and an arg of -r gives the user a restricted shell.

The following statements are true only if the optional program named in the shell field of the specified user's password file entry is like sh. If the first argument to su is a -, the environment will be changed to what would be expected if the user actually logged in as the specified user. This is done by invoking the program used as the shell with an arg0 value whose first character is -, thus causing first the system's profile (/etc/profile for sh or ksh, or /etc/.login for csh) and then the specified user's profile (.profile in the new HOME directory) to be executed. Otherwise, the environment is passed along with the possible exception of PATH, which is set to ``/sbin:/usr/sbin:/usr/bin:/etc'' for root. Note that if the optional program used as the shell is /usr/bin/sh, the user's .profile can check arg0 for -sh or -su to determine if it was invoked by login or su, respectively. If the user's program is other than /usr/bin/sh, then .profile is invoked with an arg0 of -program by both login and su.

Note that if you are using csh, /etc/profile is replaced by /etc/.login and $HOME/.profile is replaced by $HOME/.login.

All attempts to become another user using su are logged in the log file /var/adm/sulog.

Files


/etc/passwd
system's password file

/etc/security/ia/master
system's I&A data file

/etc/profile
system's profile

/etc/.login
system's profile

$HOME/.profile
user's profile

$HOME/.login
user's profile

/var/adm/sulog
log file

/usr/lib/locale/locale/LC_MESSAGES/uxcore.abi
language-specific message file (see LANG on environ(5)).

/etc/default/su
default parameters in this file are:

SULOG:
If defined, all attempts to su to another user are logged in the indicated file.

CONSOLE:
If defined, all attempts to su root are logged on the console.

PATH:
Default path.

SUPATH:
Default path for a user invoking su root.

PROMPT:
If this parameter exists and is set to ``No'', the su command will not prompt for a password (even if one is defined for the login name); however, the invoking user must still have appropriate privilege to use su successfully. If this parameter does not exist, or is set to anything other than ``No'' (including NULL), su will prompt for a password when invoked and validate the password (if one is defined for the login name).

Examples

Become user bin while retaining your previously exported environment:

su bin

Become user bin but change the environment to what would be expected if bin had originally logged in:

su - bin

Execute command with the temporary environment and permissions of user bin:

su - bin -c "command args"

References

defadm(1M), env(1), login(1), passwd(4), profile(4), sh(1)

Notices

If you are using NIS, you must use the correct copy of this command. The program /sbin/su will ignore NIS password services. You must use /usr/bin/su when running in an NIS environment. Since /sbin is in the default path of some users before /usr/bin, particularly administrative logins such as root, you may need to invoke su with the full pathname to ensure the desired program is executed.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004