Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SU(1)			    General Commands Manual			 SU(1)

NAME
       su -- substitute	user identity

SYNOPSIS
       su [-] [-flms] [-c class] [login	[args]]

DESCRIPTION
       The  su	utility	 requests  appropriate	user  credentials  via PAM and
       switches	to that	user ID	(the default user is the superuser).  A	 shell
       is then executed.

       PAM is used to set all policy.

       By  default,  the environment is	unmodified with	the exception of USER,
       HOME, and SHELL.	 HOME and SHELL	are set	to the target login's  default
       values.	USER is	set to the target login, unless	the target login has a
       user ID of 0, in	which case it is unmodified.  The invoked shell	is the
       one belonging to	the target login.  This	is the traditional behavior of
       su.   Resource  limits  and session priority applicable to the original
       user's login class (see login.conf(5)) are also normally	 retained  un-
       less the	target login has a user	ID of 0.

       The options are as follows:

       -f      If  the	invoked	 shell is csh(1), this option prevents it from
	       reading the ".cshrc" file.

       -l      Simulate	a full login.  The environment is discarded except for
	       HOME, SHELL, PATH, TERM,	and USER.  HOME	and SHELL are modified
	       as above.  USER is set to the target login.   PATH  is  set  to
	       "/bin:/usr/bin".	  TERM	is imported from your current environ-
	       ment.  Environment variables may	be set or overridden from  the
	       login class capabilities	database according to the class	of the
	       target  login.  The invoked shell is the	target login's,	and su
	       will change directory to	the  target  login's  home  directory.
	       Resource	 limits	 and session priority are modified to that for
	       the target account's login class.

       -       (no letter) The same as -l.

       -m      Leave the environment unmodified.  The invoked  shell  is  your
	       login  shell, and no directory changes are made.	 As a security
	       precaution, if the target user's	shell is a non-standard	 shell
	       (as  defined  by	 getusershell(3)) and the caller's real	uid is
	       non-zero, su will fail.

       -s      Set the MAC label to the	user's default label as	 part  of  the
	       user  credential	 setup.	 Setting the MAC label may fail	if the
	       MAC label of the	invoking process is not	sufficient to  transi-
	       tion  to	 the user's default MAC	label.	If the label cannot be
	       set, su will fail.

       -c class
	       Use the settings	of the specified login	class.	 Only  allowed
	       for the super-user.

       The -l (or -) and -m options are	mutually exclusive; the	last one spec-
       ified overrides any previous ones.

       If  the optional	args are provided on the command line, they are	passed
       to the login shell of the target	login.	Note that all command line ar-
       guments before the target login name are	processed by su	itself,	every-
       thing after the target login name get passed to the login shell.

       By default (unless the prompt is	reset by a startup  file)  the	super-
       user prompt is set to "#" to remind one of its awesome power.

FILES
       /etc/pam.conf  su is configured with PAM	support; it uses /etc/pam.conf
		      entries with service name	"su"

SEE ALSO
       csh(1), sh(1), group(5),	login.conf(5), passwd(5), environ(7), pam(8)

ENVIRONMENT
       Environment variables used by su:

       HOME  Default  home directory of	real user ID unless modified as	speci-
	     fied above.

       PATH  Default search path of real user ID unless	modified as  specified
	     above.

       TERM  Provides  terminal	type which may be retained for the substituted
	     user ID.

       USER  The user ID is always the effective ID (the target	user ID) after
	     an	su unless the user ID is 0 (root).

EXAMPLES
       su man -c catman
	      Runs the command catman as user man.   You  will	be  asked  for
	      man's password unless your real UID is 0.
       su man -c 'catman /usr/share/man	/usr/local/man /usr/X11R6/man'
	      Same  as	above,	but the	target command consists	of more	than a
	      single word and hence is quoted for use with the -c option being
	      passed to	the shell.  (Most shells expect	the argument to	-c  to
	      be a single word).
       su    -c	  staff	  man	-c   'catman   /usr/share/man	/usr/local/man
	      /usr/X11R6/man'
	      Same as above, but the target command is run with	 the  resource
	      limits  of  the login class "staff".  Note: in this example, the
	      first -c option applies to su while the second is	an argument to
	      the shell	being invoked.
       su -l foo
	      Simulate a login for user	foo.
       su - foo
	      Same as above.
       su -
	      Simulate a login for root.

HISTORY
       A su command appeared in	Version	1 AT&T UNIX.

FreeBSD	5.2.1			April 18, 1994				 SU(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=su&sektion=1&manpath=FreeBSD+5.2.1-RELEASE>

home | help