su(1) C2 Trusted DG/UX 5.4.2T su(1)
NAME
su - become super-user or another user
SYNOPSIS
su [-] [name [arg ... ] ]
DESCRIPTION
su lets you become another user without logging off. The default
user name is root (i.e., superuser).
In order for a non-privileged user to be able to su to a user, that
user must be authorized for the su service in the A&A database. You
will then be prompted for a password. Enter the password associated
with the user's su service authorization. If the password is
correct, su will execute a new shell with the real and effective user
ID and privilege set to that of the specified user. Also, the
specified user's audit mask is OR'd into yours. (However, su does
not change your AUTHID.) The new shell will be the optional program
named in the shell field of the specified user's password file entry
(see passwd(4)), or /bin/sh if none is specified (see sh(1)). To
restore normal user ID privileges, type an EOF (Ctrl-D) to the new
shell.
Any additional arguments given on the command line are passed to the
program invoked as the shell. When using programs like sh(1), an arg
of the form -c string executes string via the shell and an arg of -r
will give the user a restricted shell.
The following statements are true only if the optional program named
in the shell field of the specified user's password file entry is
like sh(1):
If the first argument to su is a -, the environment is changed as if
you actually logged in as the specified user. You invoke the program
used as the shell with an arg0 value whose first character is -, thus
executing first the system's profile (/etc/profile) and then the
specified user's profile (.profile in the new HOME directory).
Otherwise, the environment is passed along with the possible
exception of $PATH, which is set to /bin:/etc:/usr/bin for root.
If the optional program used as the shell is /bin/sh, the user's
.profile can check arg0 for -sh or -su to determine if it was invoked
by login(1) or su(1), respectively. If the user's program is other
than /bin/sh, then .profile is invoked with an arg0 of -program by
both login(1) and su(1).
All attempts to become another user using su are logged in the log
file /usr/adm/sulog. This file contains the time and date when su
was invoked, a plus sign or a minus sign indicating the success or
failure (respectively) of the su command, the user's tty, the user's
login name, and the name to which the user attempted to change.
For example, the following entry shows that user morris, at tty06,
became root at 4:41pm on June 30.
SU 06/30 16:41 + tty06 morris-root
The following entry shows an unsuccessful attempt to become root.
SU 06/24 13:55 - tty11 morris-root
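The log format described above can be reviewed for repeated failed attempts. The following is an added example, not part of the DG/UX manual page: a POSIX shell function that reads sulog-format lines and reports users with repeated failures against one target account, and whether a success followed. The names sulog_failures and sample_sulog and the threshold are hypothetical, and the sample lines are constructed, modeled on the two entries shown above.

```shell
#!/bin/sh
# Added example (not from the manual page): review sulog-format lines.
# Field layout per the page: SU MM/DD HH:MM +|- tty from-to

# sulog_failures TARGET MIN
# Reads sulog lines on stdin and prints "user failures succeeded-after" for
# each user with at least MIN failed attempts to become TARGET.
sulog_failures() {
    awk -v target="$1" -v min="$2" '
        # Accept only well-formed entries; skip anything else.
        $1 == "SU" && NF == 6 && ($4 == "+" || $4 == "-") && match($6, /-[^-]*$/) {
            # Assumption: split "from-to" at the last hyphen, so a target
            # name that itself contains "-" would be misparsed.
            from = substr($6, 1, RSTART - 1)
            to   = substr($6, RSTART + 1)
            if (to != target) next
            if ($4 == "-") {
                fails[from]++
                after[from] = "no"
            } else if (from in fails) {
                # Entries carry no year; file order is taken as time order.
                after[from] = "yes"
            }
        }
        END {
            for (u in fails)
                if (fails[u] >= min) print u, fails[u], after[u]
        }
    ' | sort
}

# Constructed sample input (user names other than morris are invented).
sample_sulog() {
    cat <<'EOF'
SU 06/24 13:55 - tty11 morris-root
SU 06/24 13:56 - tty11 morris-root
SU 06/25 09:02 + tty03 alice-bin
SU 06/26 22:10 - tty07 bob-root
SU 06/26 22:11 - tty07 bob-root
SU 06/26 22:11 - tty07 bob-root
SU 06/30 16:41 + tty06 morris-root
EOF
}

sample_sulog | sulog_failures root 2
```

On a live system the function would read the log directly, for example sulog_failures root 3 < /usr/adm/sulog.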
EXAMPLES
To become user bin while retaining your previously exported
environment, execute:
su bin
To become user bin but change the environment to what would be
expected if bin had originally logged in, execute:
su - bin
To execute command with the temporary environment and permissions of
user bin, type:
su - bin -c "command args"
FILES
/etc/passwd        System's password file
/etc/profile       System's profile
$HOME/.profile     User's profile
/usr/adm/sulog     Log file
NOTES
If a user's su password expires, you will not be able to su to that
user. Thus, if the root password is allowed to expire, no one will be
allowed to become root.
SEE ALSO
env(1), login(1), sh(1).
passwd(4), profile(4), environ(5) in the Programmer's Reference for
the DG/UX System
Security Features User's Guide for the Trusted DG/UX System
Trusted Facility Manual for the C2 Trusted DG/UX System
Licensed material--property of copyright holder(s) 2