Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SU(1)			    General Commands Manual			 SU(1)

NAME
       su -- substitute	user identity

SYNOPSIS
       su [-] [-Kflm] [-c class] [login	[args]]

DESCRIPTION
       The  su	utility	 requests  the	Kerberos  password  for	 login (or for
       "login.root", if	no login is provided), and switches to that  user  and
       group ID	after obtaining	a Kerberos ticket granting ticket.  A shell is
       then  executed.	 The su	utility	will resort to the local password file
       to find the password for	login if there is a Kerberos error.  If	su  is
       executed	 by root, no password is requested and a shell with the	appro-
       priate user ID is executed; no  additional  Kerberos  tickets  are  ob-
       tained.

       By  default,  the environment is	unmodified with	the exception of USER,
       HOME, and SHELL.	 HOME and SHELL	are set	to the target login's  default
       values.	USER is	set to the target login, unless	the target login has a
       user ID of 0, in	which case it is unmodified.  The invoked shell	is the
       target login's.	This is	the traditional	behavior of su.	 Resource lim-
       its  and	session	priority applicable to the original user's login class
       (See login.conf(5)) are also normally retained unless the target	 login
       has a user ID of	0.

       The options are as follows:

       -K      Do not attempt to use Kerberos to authenticate the user.

       -f      If  the	invoked	 shell is csh(1), this option prevents it from
	       reading the ".cshrc" file.

       -l      Simulate	a full login.  The environment is discarded except for
	       HOME, SHELL, PATH, TERM,	and USER.  HOME	and SHELL are modified
	       as above.  USER is set to the target login.   PATH  is  set  to
	       "/bin:/usr/bin".	  TERM	is imported from your current environ-
	       ment.  Environment variables may	be set or overridden from  the
	       login class capabilities	database according to the class	of the
	       target  login.  The invoked shell is the	target login's,	and su
	       will change directory to	the  target  login's  home  directory.
	       Resource	 limits	 and session priority are modified to that for
	       the target account's login class.

       -       (no letter) The same as -l.

       -m      Leave the environment unmodified.  The invoked  shell  is  your
	       login  shell, and no directory changes are made.	 As a security
	       precaution, if the target user's	shell is a non-standard	 shell
	       (as  defined  by	 getusershell(3)) and the caller's real	uid is
	       non-zero, su will fail.

       -c class
	       Use the settings	of the specified login	class.	 Only  allowed
	       for the super-user.

       The -l (or -) and -m options are	mutually exclusive; the	last one spec-
       ified overrides any previous ones.

       If  the optional	args are provided on the command line, they are	passed
       to the login shell of the target	login.

       Only users who are a member of group 0 (normally	 "wheel")  can	su  to
       "root".	 If group 0 is missing or empty, any user can su to "root".

       By  default  (unless  the prompt	is reset by a startup file) the	super-
       user prompt is set to "#" to remind one of its awesome power.

FILES
       /etc/auth.conf  configure authentication	services

SEE ALSO
       csh(1),	 kerberos(1),	 kinit(1),    login(1),	   sh(1),    group(5),
       login.conf(5), passwd(5), environ(7)

ENVIRONMENT
       Environment variables used by su:

       HOME  Default  home directory of	real user ID unless modified as	speci-
	     fied above.

       PATH  Default search path of real user ID unless	modified as  specified
	     above.

       TERM  Provides  terminal	type which may be retained for the substituted
	     user ID.

       USER  The user ID is always the effective ID (the target	user ID) after
	     an	su unless the user ID is 0 (root).

EXAMPLES
       su man -c catman
	      Runs the command catman as user man.   You  will	be  asked  for
	      man's password unless your real UID is 0.
       su man -c 'catman /usr/share/man	/usr/local/man /usr/X11R6/man'
	      Same  as	above,	but the	target command consists	of more	than a
	      single word and hence is quoted for use with the -c option being
	      passed to	the shell.  (Most shells expect	the argument to	-c  to
	      be a single word).
       su    -c	  staff	  man	-c   'catman   /usr/share/man	/usr/local/man
	      /usr/X11R6/man'
	      Same as above, but the target command is run with	 the  resource
	      limits  of  the login class "staff".  Note: in this example, the
	      first -c option applies to su while the second is	an argument to
	      the shell	being invoked.
       su -l foo
	      Simulate a login for user	foo.
       su - foo
	      Same as above.
       su -
	      Simulate a login for root.

HISTORY
       A su command appeared in	Version	1 AT&T UNIX.

FreeBSD	4.7			April 18, 1994				 SU(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=su&sektion=1&manpath=FreeBSD+4.7-RELEASE>

home | help