Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SU(1)			  BSD General Commands Manual			 SU(1)

     su	-- substitute user identity

     su	[-Kflm]	[-c class] [login [args]]

     Su	requests the Kerberos password for login (or for "login.root", if no
     login is provided), and switches to that user and group ID	after obtain-
     ing a Kerberos ticket granting ticket.  A shell is	then executed.	Su
     will resort to the	local password file to find the	password for login if
     there is a	Kerberos error.	 If su is executed by root, no password	is re-
     quested and a shell with the appropriate user ID is executed; no addi-
     tional Kerberos tickets are obtained.

     By	default, the environment is unmodified with the	exception of USER,
     HOME, and SHELL.  HOME and	SHELL are set to the target login's default
     values.  USER is set to the target	login, unless the target login has a
     user ID of	0, in which case it is unmodified.  The	invoked	shell is the
     target login's.  This is the traditional behavior of su.  Resource	limits
     and session priority applicable to	the original user's login class	(See
     login.conf(5)) are	also normally retained unless the target login as a
     user ID of	0.

     The options are as	follows:

     -K	     Do	not attempt to use Kerberos to authenticate the	user.

     -f	     If	the invoked shell is csh(1), this option prevents it from
	     reading the ".cshrc" file.

     -l	     Simulate a	full login.  The environment is	discarded except for
	     HOME, SHELL, PATH,	TERM, and USER.	 HOME and SHELL	are modified
	     as	above.	USER is	set to the target login.  PATH is set to
	     "/bin:/usr/bin".  TERM is imported	from your current environment.
	     Environment variables may be set or overridden from the login
	     class capabilities	database according to the class	of the target
	     login.  The invoked shell is the target login's, and su will
	     change directory to the target login's home directory.  Resource
	     limits and	session	priority are modified to that for the target
	     account's login class.

     -m	     Leave the environment unmodified.	The invoked shell is your lo-
	     gin shell,	and no directory changes are made.  As a security pre-
	     caution, if the target user's shell is a non-standard shell (as
	     defined by	getusershell(3)) and the caller's real uid is non-
	     zero, su will fail.

     -c	class
	     Use the settings of the specified login class. Only allowed for
	     the super-user.

     The -l and	-m options are mutually	exclusive; the last one	specified
     overrides any previous ones.

     If	the optional args are provided on the command line, they are passed to
     the login shell of	the target login.

     Only users	who are	a member of group 0 (normally "wheel") can su to
     "root".   If group	0 is missing or	empty, any user	can su to "root".

     By	default	(unless	the prompt is reset by a startup file) the super-user
     prompt is set to "#" to remind one	of its awesome power.

     csh(1), kerberos(1), kinit(1), login(1), sh(1), group(5), login.conf(5),
     passwd(5),	environ(7)

     Environment variables used	by su:

     HOME  Default home	directory of real user ID unless modified as specified

     PATH  Default search path of real user ID unless modified as specified

     TERM  Provides terminal type which	may be retained	for the	substituted
	   user	ID.

     USER  The user ID is always the effective ID (the target user ID) after
	   an su unless	the user ID is 0 (root).

     su	man -c catman
	    Runs the command catman as user man.  You will be asked for	man's
	    password unless your real UID is 0.
     su	man -c 'catman /usr/share/man /usr/local/man /usr/X11R6/man'
	    Same as above, but the target command constitutes of more than a
	    single word	and hence is quoted for	use with the -c	option being
	    passed to the shell.  (Most	shells expect the argument to -c to be
	    a single word).
     su	-c staff man -c	'catman	/usr/share/man /usr/local/man /usr/X11R6/man'
	    Same as above, but the target command is run with the resource
	    limits of the login	class "staff".	Note: in this example, the
	    first -c option applies to su while	the second is an argument to
	    the	shell being invoked.
     su	-l foo
	    Pretend a login for	user foo.

     A su command appeared in Version 1	AT&T UNIX.

BSD				April 18, 1994				   BSD


Want to link to this manual page? Use this URL:

home | help