Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ su(1) — DG/UX 5.4.2T

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

env(1)

login(1)

sh(1)

passwd(4)

profile(4)

environ(5)



su(1)                      C2 Trusted DG/UX 5.4.2T                     su(1)


NAME
       su - become super-user or another user

SYNOPSIS
       su [-] [name [arg ... ] ]

DESCRIPTION
       su lets you become another user without logging off.  The default
       user name is root (i.e., superuser).

       In order for a non-privileged user to be able to su to a user, that
       user must be authorized for the su service in the A&A database. You
       will then be prompted for a password. Enter the password associated
       with the user's su service authorization.  If the password is
       correct, su will execute a new shell with the real and effective user
       ID and privilege set to that of the specified user.  Also, the
       specified user's audit mask is OR'd into yours.  (However, su does
       not change your AUTHID.)  The new shell will be the optional program
       named in the shell field of the specified user's password file entry
       (see passwd(4)), or /bin/sh if none is specified (see sh(1)).  To
       restore normal user ID privileges, type an EOF (Ctrl-D) to the new
       shell.

       Any additional arguments given on the command line are passed to the
       program invoked as the shell.  When using programs like sh(1), an arg
       of the form -c string executes string via the shell and an arg of -r
       will give the user a restricted shell.

       The following statements are true only if the optional program named
       in the shell field of the specified user's password file entry is
       like sh(1):

       If the first argument to su is a -, the environment is changed as if
       you actually logged in as the specified user.  You invoke the program
       used as the shell with an arg0 value whose first character is -, thus
       executing first the system's profile (/etc/profile) and then the
       specified user's profile (.profile in the new HOME directory).
       Otherwise, the environment is passed along with the possible
       exception of $PATH, which is set to /bin:/etc:/usr/bin for root.

       If the optional program used as the shell is /bin/sh, the user's
       .profile can check arg0 for -sh or -su to determine if it was invoked
       by login(1) or su(1), respectively.  If the user's program is other
       than /bin/sh, then .profile is invoked with an arg0 of -program by
       both login(1) and su(1).

       All attempts to become another user using su are logged in the log
       file /usr/adm/sulog.  This file contains the time and date when su
       was invoked, a plus sign or a minus sign indicating the success or
       failure (respectively) of the su command, the user's tty, the user's
       login name, and the name to which the user attempted to change.

       For example, the following entry shows that user morris, at tty06,
       became root at 4:41pm on June 30.



Licensed material--property of copyright holder(s)                         1




su(1)                      C2 Trusted DG/UX 5.4.2T                     su(1)


       SU 06/30 16:41 + tty06 morris-root

       The following entry shows an unsuccessful attempt to become root.

       SU 06/24 13:55 - tty11 morris-root

EXAMPLES
       To become user bin while retaining your previously exported
       environment, execute:

              su bin

       To become user bin but change the environment to what would be
       expected if bin had originally logged in, execute:

              su - bin

       To execute command with the temporary environment and permissions of
       user bin, type:

              su - bin -c "command args"

FILES
       /etc/passwd     System's password file
       /etc/profile    System's profile
       $HOME/.profile  User's profile
       /usr/adm/sulog  Log file

NOTES
       If a user's su password expires, you will not be able to su to that
       user. Thus, if the root password is allowed to expire, no one will be
       allowed to become root.

SEE ALSO
       env(1), login(1), sh(1).
       passwd(4), profile(4), environ(5) in the Programmer's Reference for
       the DG/UX System

       Security Features User's Guide for the Trusted DG/UX System
       Trusted Facility Manual for the C2 Trusted DG/UX System

















Licensed material--property of copyright holder(s)                         2


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026