FreeBSD Manual Pages

home | help
SU(1)			    General Commands Manual			 SU(1)

NAME
       su -- substitute	user identity

SYNOPSIS
       su [-] [-c class] [-flms] [login	[args]]

DESCRIPTION
       The  su	utility	 requests  appropriate	user  credentials  via PAM and
       switches	to that	user ID	(the default user is the superuser).  A	 shell
       is then executed.

       PAM  is	used  to set the policy	su(1) will use.	 In particular,	by de-
       fault only users	in the "wheel" group can switch	 to  UID  0  ("root").
       This group requirement may be changed by	modifying the "pam_group" sec-
       tion  of	 /etc/pam.d/su.	 See pam_group(8) for details on how to	modify
       this setting.

       By default, the environment is unmodified with the exception  of	 USER,
       HOME,  and SHELL.  HOME and SHELL are set to the	target login's default
       values.	USER is	set to the target login, unless	the target login has a
       user ID of 0, in	which case it is unmodified.  The invoked shell	is the
       one belonging to	the target login.  This	is the traditional behavior of
       su.  Resource limits and	session	priority applicable  to	 the  original
       user's  login  class (see login.conf(5))	are also normally retained un-
       less the	target login has a user	ID of 0.

       The options are as follows:

       -c class
	       Use the settings	of the specified login class.  The login class
	       must be defined in login.conf(5).  Only allowed for the	super-
	       user.

       -f      If  the	invoked	 shell is csh(1), this option prevents it from
	       reading the ".cshrc" file.

       -l      Simulate	a full login.  The environment is discarded except for
	       HOME, SHELL, PATH, TERM,	and USER.  HOME	and SHELL are modified
	       as above.  USER is set to the target login.   PATH  is  set  to
	       "/bin:/usr/bin".	  TERM	is imported from your current environ-
	       ment.  Environment variables may	be set or overridden from  the
	       login class capabilities	database according to the class	of the
	       target  login.  The invoked shell is the	target login's,	and su
	       will change directory to	the  target  login's  home  directory.
	       Resource	 limits	 and session priority are modified to that for
	       the target account's login class.

       -       (no letter) The same as -l.

       -m      Leave the environment unmodified.  The invoked  shell  is  your
	       login  shell, and no directory changes are made.	 As a security
	       precaution, if the target user's	shell is a non-standard	 shell
	       (as  defined  by	 getusershell(3)) and the caller's real	uid is
	       non-zero, su will fail.

       -s      Set the MAC label to the	user's default label as	 part  of  the
	       user  credential	 setup.	 Setting the MAC label may fail	if the
	       MAC label of the	invoking process is not	sufficient to  transi-
	       tion  to	 the user's default MAC	label.	If the label cannot be
	       set, su will fail.

       The -l (or -) and -m options are	mutually exclusive; the	last one spec-
       ified overrides any previous ones.

       If the optional args are	provided on the	command	line, they are	passed
       to the login shell of the target	login.	Note that all command line ar-
       guments before the target login name are	processed by su	itself,	every-
       thing after the target login name gets passed to	the login shell.

       By  default  (unless  the prompt	is reset by a startup file) the	super-
       user prompt is set to "#" to remind one of its awesome power.

ENVIRONMENT
       Environment variables used by su:

       HOME  Default home directory of real user ID unless modified as	speci-
	     fied above.

       PATH  Default  search path of real user ID unless modified as specified
	     above.

       TERM  Provides terminal type which may be retained for the  substituted
	     user ID.

       USER  The user ID is always the effective ID (the target	user ID) after
	     an	su unless the user ID is 0 (root).

FILES
       /etc/pam.d/su  PAM configuration	for su.

EXAMPLES
       su -m operator -c poweroff
	      Starts  a	shell as user operator,	and runs the command poweroff.
	      You will be asked	for operator's password	unless your  real  UID
	      is 0.  Note that the -m option is	required since user "operator"
	      does  not	have a valid shell by default.	In this	example, -c is
	      passed to	the shell of the user "operator", and  is  not	inter-
	      preted as	an argument to su.
       su -m operator -c 'shutdown -p now'
	      Same  as	above,	but the	target command consists	of more	than a
	      single word and hence is quoted for use with the -c option being
	      passed to	the shell.  (Most shells expect	the argument to	-c  to
	      be a single word).
       su -m -c	staff operator -c 'shutdown -p now'
	      Same  as	above, but the target command is run with the resource
	      limits of	the login class	"staff".  Note:	in this	 example,  the
	      first -c option applies to su while the second is	an argument to
	      the shell	being invoked.
       su -l foo
	      Simulate a login for user	foo.
       su - foo
	      Same as above.
       su -   Simulate a login for root.

SEE ALSO
       csh(1),	 sh(1),	  group(5),   login.conf(5),   passwd(5),  environ(7),
       pam_group(8)

HISTORY
       A su command appeared in	Version	1 AT&T UNIX.

FreeBSD	13.2			March 26, 2020				 SU(1)
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=su&sektion=1&manpath=FreeBSD+14.2-RELEASE+and+Ports>
home | help
Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages
