Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ su(1) — DG/UX R4.11

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

env(1)

login(1)

sh(1)

passwd(4)

profile(4)

environ(5)



su(1)                            DG/UX R4.11                           su(1)


NAME
       su - switch username (become another user)

SYNOPSIS
       su [-] [name [arg ... ] ]

DESCRIPTION
       Su lets you become another user without logging off.  The default
       user name is root.

       To use su on a generic DG/UX system, supply the appropriate password
       (unless it's already root).

       On a system with DG/UX information security, in order for a non-
       privileged user to be able to su to a user, that user must be
       authorized for the su service in the A&A database.  You will then be
       prompted for a password.  Enter the password associated with the
       user's su service authorization.  If the password is correct, su will
       execute a new shell with the real and effective user ID set to that
       of the specified user.  Also, on a system with DG/UX information
       security, privilege is set to that of the specified user.  And the
       specified user's audit mask is OR'd into yours.  (However, su does
       not change your AUTHID.)  The new shell will be the optional program
       named in the shell field of the specified user's password file entry
       (see passwd(4)), or /bin/sh if none is specified (see sh(1)).  To
       restore normal user ID privileges, type an EOF (Ctrl-D) to the new
       shell.

       On a trusted system with mandatory access control (MAC), su does not
       change the process clearance (MAC label) when switching to the new
       user id.  However, su does ensure that the destination user's su
       authorization does allow you to su at your current process clearance.
       If it does not allow this, su will fail.  In addition, su attempts to
       reset the process directory mode to virtual.  If it cannot do so, it
       will also fail.

       Any additional arguments given on the command line are passed to the
       program invoked as the shell.  When using programs like sh(1), an arg
       of the form -c string executes string via the shell and an arg of -r
       will give the user a restricted shell.

       The following statements are true only if the optional program named
       in the shell field of the specified user's password file entry is
       like sh(1):

       If the first argument to su is a -, the environment is changed as if
       you actually logged in as the specified user.  You invoke the program
       used as the shell with an arg0 value whose first character is -, thus
       executing first the system's profile (/etc/profile) and then the
       specified user's profile (.profile in the new HOME directory).
       Otherwise, the environment is passed along with the possible
       exception of $PATH, which is set to /bin:/etc:/usr/bin for root.

       If the optional program used as the shell is /bin/sh, the user's
       .profile can check arg0 for -sh or -su to determine if it was invoked
       by login(1) or su(1), respectively.  If the user's program is other
       than /bin/sh, then .profile is invoked with an arg0 of -program by
       both login(1) and su(1).

       All attempts to become another user using su are logged in the log
       file /usr/adm/sulog.  This file contains the time and date when su
       was invoked, a plus sign or a minus sign indicating the success or
       failure (respectively) of the su command, the user's tty, the user's
       login name, and the name to which the user attempted to change.

       For example, the following entry shows that user morris, at tty06,
       became root at 4:41pm on June 30.

       SU 06/30 16:41 + tty06 morris-root

       The following entry shows an unsuccessful attempt to become root.

       SU 06/24 13:55 - tty11 morris-root

EXAMPLES
       To become user bin while retaining your previously exported
       environment, execute:

              su bin

       To become user bin but change the environment to what would be
       expected if bin had originally logged in, execute:

              su - bin

       To execute command with the temporary environment and permissions of
       user bin, type:

              su - bin -c "command args"

FILES
       /etc/passwd     System's password file
       /etc/profile    System's profile
       $HOME/.profile  User's profile
       /usr/adm/sulog  Log file
       /etc/default/su The default parameters that live here are:
             SULOG:    If defined, all attempts to su to another user are
                       logged in the indicated file.
             CONSOLE:  If defined, all attempts to su to root are logged on
                       the console.
             PATH:     Default path.
             SUPATH:   Default path for a user invoking su to become root.

SEE ALSO
       env(1), login(1), sh(1).
       passwd(4), profile(4), environ(5).

NOTES
       If you are using a system with DG/UX information security, and a
       user's su password expires, you will not be able to su to that user.


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026