Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SU(1)                   FreeBSD General Commands Manual                  SU(1)

     su -- substitute user identity

     su [-] [-Kflm] [-c class] [login [args]]

     The su utility requests the Kerberos password for login (or for
     ``login.root'', if no login is provided), and switches to that user and
     group ID after obtaining a Kerberos ticket granting ticket.  A shell is
     then executed.  The su utility will resort to the local password file to
     find the password for login if there is a Kerberos error.  If su is exe-
     cuted by root, no password is requested and a shell with the appropriate
     user ID is executed; no additional Kerberos tickets are obtained.

     By default, the environment is unmodified with the exception of USER,
     HOME, and SHELL.  HOME and SHELL are set to the target login's default
     values.  USER is set to the target login, unless the target login has a
     user ID of 0, in which case it is unmodified.  The invoked shell is the
     target login's.  This is the traditional behavior of su.  Resource limits
     and session priority applicable to the original user's login class (See
     login.conf(5)) are also normally retained unless the target login has a
     user ID of 0.

     The options are as follows:

     -K      Do not attempt to use Kerberos to authenticate the user.

     -f      If the invoked shell is csh(1), this option prevents it from
             reading the ``.cshrc'' file.

     -l      Simulate a full login.  The environment is discarded except for
             HOME, SHELL, PATH, TERM, and USER.  HOME and SHELL are modified
             as above.  USER is set to the target login.  PATH is set to
             ``/bin:/usr/bin''.  TERM is imported from your current environ-
             ment.  Environment variables may be set or overridden from the
             login class capabilities database according to the class of the
             target login.  The invoked shell is the target login's, and su
             will change directory to the target login's home directory.
             Resource limits and session priority are modified to that for the
             target account's login class.

     -       (no letter) The same as -l.

     -m      Leave the environment unmodified.  The invoked shell is your
             login shell, and no directory changes are made.  As a security
             precaution, if the target user's shell is a non-standard shell
             (as defined by getusershell(3)) and the caller's real uid is non-
             zero, su will fail.

     -c class
             Use the settings of the specified login class.  Only allowed for
             the super-user.

     The -l (or -) and -m options are mutually exclusive; the last one speci-
     fied overrides any previous ones.

     If the optional args are provided on the command line, they are passed to
     the login shell of the target login.

     Only users who are a member of group 0 (normally ``wheel'') can su to
     ``root''.   If group 0 is missing or empty, any user can su to ``root''.

     By default (unless the prompt is reset by a startup file) the super-user
     prompt is set to ``#'' to remind one of its awesome power.

     /etc/auth.conf  configure authentication services

     csh(1), kerberos(1), kinit(1), login(1), sh(1), group(5), login.conf(5),
     passwd(5), environ(7)

     Environment variables used by su:

     HOME  Default home directory of real user ID unless modified as specified

     PATH  Default search path of real user ID unless modified as specified

     TERM  Provides terminal type which may be retained for the substituted
           user ID.

     USER  The user ID is always the effective ID (the target user ID) after
           an su unless the user ID is 0 (root).

     su man -c catman
            Runs the command catman as user man.  You will be asked for man's
            password unless your real UID is 0.
     su man -c 'catman /usr/share/man /usr/local/man /usr/X11R6/man'
            Same as above, but the target command consists of more than a sin-
            gle word and hence is quoted for use with the -c option being
            passed to the shell.  (Most shells expect the argument to -c to be
            a single word).
     su -c staff man -c 'catman /usr/share/man /usr/local/man /usr/X11R6/man'
            Same as above, but the target command is run with the resource
            limits of the login class ``staff''.  Note: in this example, the
            first -c option applies to su while the second is an argument to
            the shell being invoked.
     su -l foo
            Simulate a login for user foo.
     su - foo
            Same as above.
     su -
            Simulate a login for root.

     A su command appeared in Version 1 AT&T UNIX.

FreeBSD 4.10                    April 18, 1994                    FreeBSD 4.10


Want to link to this manual page? Use this URL:

home | help