SU(1) | General Commands Manual | SU(1) |
su — substitute user identity
su [-fKLlm] [-a auth-type] [-c login-class] [-s login-shell] [login [shell arguments]]
The su utility allows a user to run a shell with the user and group ID of another user without having to log out and in as that other user. All of the real, effective, and saved user and group IDs as well as all supplementary group IDs are always set according to the target user. If the target login name is not specified, “root” is used.
By default, the shell of the target login is invoked and the SHELL and HOME environment variables are set according to the target login, whereas the current working directory remains unchanged. If the target login has a user ID of 0, LOGNAME and USER are preserved and PATH and the umask(2) value are set according to login.conf(5); otherwise, LOGNAME and USER are set to the target login and PATH and the umask(2) value are preserved. The TERM environment variable is always preserved. The rest of the environment remains unmodified by default.
The options are as follows:
-
    -l option (deprecated).
-a auth-type
-c login-class
-f
    -l option is used. Useful to skip reading shell initialization files.
-K
    su -a passwd”, provided for backwards compatibility.
-L
    su will prompt for the password even when invoked by root.
-l
    HOME, SHELL, LOGNAME, and USER are set to the default values for the target login. PATH and the umask(2) value are set according to login.conf(5). Except for preserving TERM, the rest of the environment is discarded.
-m
    su will fail.
-s login-shell
    -m option is specified.
The -l and -m options are mutually exclusive; the last one specified overrides any previous ones.
If the optional shell arguments are provided on the command line, they are passed to the login shell of the target login. This allows arbitrary commands to be passed via the -c option as understood by most shells. Note that -c usually expects a single argument only; you have to quote it when passing multiple words.
If group 0 (normally “wheel”) has users listed then only those users can su to “root”. It is not sufficient to change a user's /etc/passwd entry to add them to the “wheel” group; they must explicitly be listed in /etc/group. If no one is in the “wheel” group, it is ignored, and anyone who knows the root password is permitted to su to “root”.
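The group 0 rule above can be audited with a short script. This is an added example, not part of the OpenBSD manual: the function name wheel_su_policy and the sample group entries are constructed for illustration, and it reads group(5)-format lines on standard input instead of querying the system group database.

```sh
#!/bin/sh
# Added example (not from the manual): report how the group 0 rule
# applies to one user, given group(5)-format lines on standard input.
# Prints: unrestricted | allowed | denied
# Assumption: only the first GID 0 entry is considered.
wheel_su_policy() {
    awk -F: -v user="$1" '
        $3 == 0 && !seen {              # normally the "wheel" entry
            seen = 1
            n = split($4, m, ",")       # fourth field: comma-separated members
            for (i = 1; i <= n; i++) {
                if (m[i] == "") continue
                members++
                if (m[i] == user) listed = 1
            }
        }
        END {
            if (!members)    print "unrestricted"   # empty group is ignored
            else if (listed) print "allowed"
            else             print "denied"
        }'
}

# Constructed sample data. "carol" stands for a user whose passwd entry
# names GID 0 as primary group but who is not listed in the group 0 entry.
SAMPLE_RESTRICTED='wheel:*:0:root,alice
daemon:*:1:daemon
staff:*:20:root,bob,carol'
SAMPLE_EMPTY='wheel:*:0:
staff:*:20:root,bob'

for u in alice bob carol; do
    printf '%s: %s\n' "$u" \
        "$(printf '%s\n' "$SAMPLE_RESTRICTED" | wheel_su_policy "$u")"
done
printf 'bob, empty wheel: %s\n' \
    "$(printf '%s\n' "$SAMPLE_EMPTY" | wheel_su_policy bob)"
```

On a live system the same function can be fed the real file, for example wheel_su_policy alice < /etc/group. An "unrestricted" result means the root password alone gates su to root.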
The following list provides the values of environment variables in the new shell that is started by su.
HOME
    -m.
LOGNAME
    -m is given.
PATH
    -l is given.
PWD
    -l.
SHELL
    -m.
TERM
USER
    LOGNAME.
Run the command “makewhatis” as user “bin”. You will be asked for bin's password unless your real UID is 0.
$ su bin -c makewhatis
Same as above, but the target command consists of more than a single word:
$ su bin -c 'makewhatis /usr/local/man'
Same as above, but the target command is run with the resource limits of the login class “staff”. Note that the first -c option applies to su while the second is an argument to the shell.
$ su -c staff bin -c 'makewhatis /usr/local/man'
Pretend a login for user “foo”:
$ su -l foo
Same as above, but use S/Key for authentication:
$ su -a skey -l foo
doas(1), login(1), setusercontext(3), group(5), login.conf(5), passwd(5), environ(7)
A su command first appeared in Version 1 AT&T UNIX.
The login name is not optional for root if there are shell arguments.
July 8, 2020 | OpenBSD-current |