Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
SU(1L)                                                                  SU(1L)

       su - run a shell with substitute user and group IDs

       su [-flmp] [-c command] [-s shell] [--login] [--fast] [--preserve-
       environment] [--command=command] [--shell=shell] [-] [--help]
       [--version] [user [arg...]]

       This manual page documents the GNU version of su.  su allows one user
       to temporarily become another user.  It runs a shell with the real and
       effective user ID, group ID, and supplemental groups of USER.  If no
       USER is given, the default is root, the super-user.  The shell run is
       taken from USER's password entry, or /bin/sh if none is specified
       there.  If USER has a password, su prompts for the password unless run
       by a user with real user ID 0 (the super-user).

       By default, su does not change the current directory.  It sets the
       environment variables `HOME' and `SHELL' from the password entry for
       USER, and if USER is not the super-user, sets `USER' and `LOGNAME' to
       USER.  By default, the shell is not a login shell.

       If one or more ARGs are given, they are passed as additional arguments
       to the shell.

       su does not handle /bin/sh or other shells specially (setting argv[0]
       to "-su", passing -c only to certain shells, etc.).

       On systems that have syslog, su can be compiled to report failed, and
       optionally successful, su attempts using syslog.

       This program does not support a "wheel group" that restricts who can su
       to super-user accounts, because that can help fascist system
       administrators hold unwarranted power over other users.

       -c COMMAND, --command=COMMAND
              Pass COMMAND, a single command line to run, to the shell with a
              -c option instead of starting an interactive shell.

       -f, --fast
              Pass the -f option to the shell.  This probably only makes sense
              with csh and tcsh, for which the -f option prevents reading the
              startup file (.cshrc).  With Bourne-like shells, the -f option
              disables filename pattern expansion, which is not a generally
              desirable thing to do.

       --help Print a usage message on standard output and exit successfully.

       -, -l, --login
              Make the shell a login shell.  This means the following.  Unset
              all environment variables except `TERM', `HOME', and `SHELL'
              (which are set as described above), and `USER' and `LOGNAME'
              (which are set, even for the super-user, as described above),
              and set `PATH' to a compiled-in default value.  Change to USER's
              home directory.  Prepend "-" to the shell's name, to make it
              read its login startup file(s).

       -m, -p, --preserve-environment
              Do not change the environment variables `HOME', `USER',
              `LOGNAME', or `SHELL'.  Run the shell given in the environment
              variable `SHELL' instead of USER's shell from /etc/passwd,
              unless the user running su is not the superuser and USER's shell
              is restricted.  A restricted shell is one that is not listed in
              the file /etc/shells, or in a compiled-in list if that file does
              not exist.  Parts of what this option does can be overridden by
              --login and --shell.

       -s, --shell shell
              Run SHELL instead of USER's shell from /etc/passwd, unless the
              user running su is not the superuser and USER's shell is

              Print version information on standard output then exit

Why GNU su does not support the wheel group (by Richard Stallman)
       Sometimes a few of the users try to hold total power over all the rest.
       For example, in 1984, a few users at the MIT AI lab decided to seize
       power by changing the operator password on the Twenex system and
       keeping it secret from everyone else.  (I was able to thwart this coup
       and give power back to the users by patching the kernel, but I wouldn't
       know how to do that in Unix.)

       However, occasionally the rulers do tell someone.  Under the usual su
       mechanism, once someone learns the root password who sympathizes with
       the ordinary users, he can tell the rest.  The "wheel group" feature
       would make this impossible, and thus cement the power of the rulers.

       I'm on the side of the masses, not that of the rulers.  If you are used
       to supporting the bosses and sysadmins in whatever they do, you might
       find this idea strange at first.

FSF                           GNU Shell Utilities                       SU(1L)

NAME | SYNOPSIS | DESCRIPTION | Why GNU su does not support the wheel group (by Richard Stallman)

Want to link to this manual page? Use this URL:

home | help