FreeBSD Manual Pages
su(1M) System Administration Commands su(1M) NAME su - become superuser or another user SYNOPSIS su [-] [ username [ arg...]] DESCRIPTION The su command allows one to become another user without logging off or to assume a role. The default user name is root (superuser). To use su, the appropriate password must be supplied (unless the in- voker is already root). If the password is correct, su creates a new shell process that has the real and effective user ID, group IDs, and supplementary group list set to those of the specified username. Addi- tionally, the new shell's project ID is set to the default project ID of the specified user. See getdefaultproj(3PROJECT), setpro- ject(3PROJECT). The new shell will be the shell specified in the shell field of username's password file entry (see passwd(4)). If no shell is specified, /usr/bin/sh is used (see sh(1)). If superuser privilege is requested and the shell for the superuser cannot be invoked using exec(2), /sbin/sh is used as a fallback. To return to normal user ID privileges, type an EOF character (<CTRL-D>) to exit the new shell. Any additional arguments given on the command line are passed to the new shell. When using programs such as sh, an arg of the form -c string executes string using the shell and an arg of -r gives the user a re- stricted shell. To create a login environment, the command "su -" does the following: o In addition to what is already propagated, the LC* and LANG envi- ronment variables from the specified user's environment are also propagated. o Propagate TZ from the user's environment. If TZ is not found in the user's environment, su uses the TZ value from the TIMEZONE pa- rameter found in /etc/default/login. o Set MAIL to /var/mail/new_user. If the first argument to su is a dash (-), the environment will be changed to what would be expected if the user actually logged in as the specified user. Otherwise, the environment is passed along, with the exception of $PATH, which is controlled by PATH and SUPATH in /etc/de- fault/su. All attempts to become another user using su are logged in the log file /var/adm/sulog (see sulog(4)). SECURITY su uses pam(3PAM) with the service name su for authentication, account management, and credential establishment. EXAMPLES Example 1: Becoming User bin While Retaining Your Previously Exported Environment To become user bin while retaining your previously exported environ- ment, execute: example% su bin Example 2: Becoming User bin and Changing to bin's Login Environment To become user bin but change the environment to what would be expected if bin had originally logged in, execute: example% su - bin Example 3: Executing command with user bin's Environment and Permis- sions To execute command with the temporary environment and permissions of user bin, type: example% su - bin -c "command args" ENVIRONMENT VARIABLES Variables with LD_ prefix are removed for security reasons. Thus, su bin will not retain previously exported variables with LD_ prefix while becoming user bin. If any of the LC_* variables ( LC_CTYPE, LC_MESSAGES, LC_TIME, LC_COL- LATE, LC_NUMERIC, and LC_MONETARY) (see environ(5)) are not set in the environment, the operational behavior of su for each corresponding lo- cale category is determined by the value of the LANG environment vari- able. If LC_ALL is set, its contents are used to override both the LANG and the other LC_* variables. If none of the above variables are set in the environment, the "C" (U.S. style) locale determines how su behaves. LC_CTYPE Determines how su handles characters. When LC_CTYPE is set to a valid value, su can display and handle text and filenames containing valid characters for that lo- cale. su can display and handle Extended Unix Code (EUC) characters where any individual character can be 1, 2, or 3 bytes wide. su can also handle EUC charac- ters of 1, 2, or more column widths. In the "C" locale, only characters from ISO 8859-1 are valid. LC_MESSAGES Determines how diagnostic and informative messages are presented. This includes the language and style of the messages, and the correct form of affirmative and nega- tive responses. In the "C" locale, the messages are presented in the default form found in the program it- self (in most cases, U.S. English). FILES $HOME/.profile user's login commands for sh and ksh /etc/passwd system's password file /etc/profile system-wide sh and ksh login commands /var/adm/sulog log file /etc/default/su the default parameters in this file are: SULOG If defined, all attempts to su to another user are logged in the indicated file. CONSOLE If defined, all attempts to su to root are logged on the con- sole. PATH Default path. (/usr/bin:) SUPATH Default path for a user invok- ing su to root. (/usr/sbin:/usr/bin) SYSLOG Determines whether the sys- log(3C) LOG_AUTH facility should be used to log all su attempts. LOG_NOTICE messages are generated for su's to root, LOG_INFO messages are generated for su's to other users, and LOG_CRIT messages are generated for failed su attempts. /etc/default/login the default parameters in this file are: TIMEZONE Sets the TZ environment vari- able of the shell. ATTRIBUTES See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO csh(1), env(1), ksh(1), login(1), roles(1), sh(1), syslogd(1M), exec(2), getdefaultproj(3PROJECT), setproject(3PROJECT), pam(3PAM), pam_authenticate(3PAM), pam_acct_mgmt(3PAM), pam_setcred(3PAM), pam.conf(4), passwd(4), profile(4), sulog(4), syslog(3C), at- tributes(5), environ(5) SunOS 5.10 26 Feb 2004 su(1M)
NAME | SYNOPSIS | DESCRIPTION | SECURITY | EXAMPLES | ENVIRONMENT VARIABLES | FILES | ATTRIBUTES | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=su&sektion=1m&manpath=SunOS+5.10>