SU(1) | General Commands Manual | SU(1) |
su
— substitute
user identity
su |
[-fKLlm ]
[-a auth-type]
[-c login-class]
[-s login-shell]
[login [shell
arguments]] |
The su
utility allows a user to run a
shell with the user and group ID of another user without having to log out
and in as that other user.
By default, the environment is unmodified with the exception of
LOGNAME
, HOME
,
SHELL
, and USER
.
HOME
and SHELL
are set to
the target login's default values. LOGNAME
and
USER
are set to the target login, unless the target
login has a user ID of 0 and the -l
flag was not
specified, in which case it is unmodified. The invoked shell is the target
login's. This is the traditional behavior of su
.
If not using -m
and the target login has a
user ID of 0 then the PATH
variable and umask value
(see umask(2)) are always set
according to the /etc/login.conf file (see
login.conf(5)).
The options are as follows:
-
-l
option (deprecated).-a
auth-type-c
login-class-f
-K
su
-a
passwd”, provided
for backwards compatibility.-L
su
will prompt for the password even when invoked
by root.-l
HOME
, SHELL
,
PATH
, TERM
,
LOGNAME
, and USER
.
HOME
and SHELL
are
modified as above. LOGNAME
and
USER
are set to the target login.
PATH
is set to the value specified by the
“path” entry in
login.conf(5).
TERM
is imported from your current environment.
The invoked shell is the target login's, and su
will change directory to the target login's home directory.-m
su
will
fail.-s
login-shell-m
option is specified.The -l
and -m
options are mutually exclusive; the last one specified overrides any
previous ones.
If the optional shell arguments are provided
on the command line, they are passed to the login shell of the target login.
This allows it to pass arbitrary commands via the -c
option as understood by most shells. Note that -c
usually expects a single argument only; you have to quote it when passing
multiple words.
If group 0 (normally “wheel”) has users listed then
only those users can su
to “root”. It
is not sufficient to change a user's /etc/passwd
entry to add them to the “wheel” group; they must explicitly
be listed in /etc/group. If no one is in the
“wheel” group, it is ignored, and anyone who knows the root
password is permitted to su
to
“root”.
By default (unless the prompt is reset by a startup file) the superuser prompt is set to “#” to remind one of its awesome power.
HOME
LOGNAME
su
unless the user ID is 0 (root).PATH
TERM
USER
LOGNAME
.Run the command “makewhatis” as user “bin”. You will be asked for bin's password unless your real UID is 0.
$ su bin -c makewhatis
Same as above, but the target command consists of more than a single word:
$ su bin -c 'makewhatis
/usr/local/man'
Same as above, but the target command is run with the resource
limits of the login class “staff”. Note that the first
-c
option applies to su
while the second is an argument to the shell.
$ su -c staff bin -c 'makewhatis
/usr/local/man'
Pretend a login for user “foo”:
$ su -l foo
Same as above, but use S/Key for authentication:
$ su -a skey -l foo
doas(1), login(1), setusercontext(3), group(5), login.conf(5), passwd(5), environ(7)
A su
command appeared in
Version 7 AT&T UNIX.
The login name is not optional for root if there are shell arguments.
July 30, 2015 | OpenBSD-6.1 |