Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SU(1L)									SU(1L)

       su - run	a shell	with substitute	user and group IDs

       su [-flmp] [-c command] [-s shell] [--login] [--fast] [--preserve-envi-
       ronment]	[--command=command] [--shell=shell] [-]	 [--help]  [--version]
       [user [arg...]]

       This  manual  page documents the	GNU version of su.  su allows one user
       to temporarily become another user.  It runs a shell with the real  and
       effective  user	ID,  group ID, and supplemental	groups of USER.	 If no
       USER is given, the default is root, the super-user.  The	shell  run  is
       taken  from  USER's  password  entry,  or  /bin/sh if none is specified
       there.  If USER has a password, su prompts for the password unless  run
       by a user with real user	ID 0 (the super-user).

       By  default, su does not	change the current directory.  It sets the en-
       vironment variables `HOME' and `SHELL'  from  the  password  entry  for
       USER,  and  if USER is not the super-user, sets `USER' and `LOGNAME' to
       USER.  By default, the shell is not a login shell.

       If one or more ARGs are given, they are passed as additional  arguments
       to the shell.

       su  does	 not handle /bin/sh or other shells specially (setting argv[0]
       to "-su", passing -c only to certain shells, etc.).

       On systems that have syslog, su can be compiled to report  failed,  and
       optionally successful, su attempts using	syslog.

       This program does not support a "wheel group" that restricts who	can su
       to super-user accounts, because that can	help fascist  system  adminis-
       trators hold unwarranted	power over other users.

       -c COMMAND, --command=COMMAND
	      Pass  COMMAND, a single command line to run, to the shell	with a
	      -c option	instead	of starting an interactive shell.

       -f, --fast
	      Pass the -f option to the	shell.	This probably only makes sense
	      with  csh	and tcsh, for which the	-f option prevents reading the
	      startup file (.cshrc).  With Bourne-like shells, the  -f	option
	      disables	filename  pattern  expansion, which is not a generally
	      desirable	thing to do.

       --help Print a usage message on standard	output and exit	successfully.

       -, -l, --login
	      Make the shell a login shell.  This means	the following.	 Unset
	      all  environment	variables  except  `TERM', `HOME', and `SHELL'
	      (which are set as	described above),  and	`USER'	and  `LOGNAME'
	      (which  are  set,	 even for the super-user, as described above),
	      and set `PATH' to	a compiled-in default value.  Change to	USER's
	      home  directory.	 Prepend  "-"  to the shell's name, to make it
	      read its login startup file(s).

       -m, -p, --preserve-environment
	      Do not change the	environment variables  `HOME',	`USER',	 `LOG-
	      NAME', or	`SHELL'.  Run the shell	given in the environment vari-
	      able `SHELL' instead of USER's shell  from  /etc/passwd,	unless
	      the user running su is not the superuser and USER's shell	is re-
	      stricted.	 A restricted shell is one that	is not listed  in  the
	      file /etc/shells,	or in a	compiled-in list if that file does not
	      exist.  Parts of what this option	 does  can  be	overridden  by
	      --login and --shell.

       -s, --shell shell
	      Run  SHELL  instead of USER's shell from /etc/passwd, unless the
	      user running su is not the superuser and	USER's	shell  is  re-

	      Print  version information on standard output then exit success-

Why GNU	su does	not support the	wheel group (by	Richard	Stallman)
       Sometimes a few of the users try	to hold	total power over all the rest.
       For  example,  in  1984,	a few users at the MIT AI lab decided to seize
       power by	changing the operator password on the Twenex system and	 keep-
       ing  it secret from everyone else.  (I was able to thwart this coup and
       give power back to the users by patching	the  kernel,  but  I  wouldn't
       know how	to do that in Unix.)

       However,	 occasionally  the rulers do tell someone.  Under the usual su
       mechanism, once someone learns the root password	who  sympathizes  with
       the  ordinary  users,  he can tell the rest.  The "wheel	group" feature
       would make this impossible, and thus cement the power of	the rulers.

       I'm on the side of the masses, not that of the rulers.  If you are used
       to  supporting  the bosses and sysadmins	in whatever they do, you might
       find this idea strange at first.

FSF			      GNU Shell	Utilities			SU(1L)

NAME | SYNOPSIS | DESCRIPTION | Why GNU su does not support the wheel group (by Richard Stallman)

Want to link to this manual page? Use this URL:

home | help